问题
To start with, I am well aware of the security/usability trade-off associated with captchas and do not need any explanation on that.
I know that reCAPTCHA is the state-of-the-art in captcha technology but we just do not want to use it for our site because of the difficulty faced by users to read distorted words. Our site is a study portal for students offering live online classes, so the users will be students (leaving certificate level) and teachers.
I have been searching for different ideas and found some good ones like:-
The Sesame Street Solutionas given in http://www.usereffect.com/topic/2009-07-13-captcha-is-there-a-better-way.Asking questions which are very easy for humans like "which one tastes better or ". But how many such questions do I need to store to be safe?
My purpose of asking this question is to get as many ideas as possible. I think there are still a lot of user-friendly but secure ways I could analyse before finalizing.
Please highlight the pros and cons of the method you suggest with reference to the way spam bots work. I am not much aware of many of their strengths and weaknesses.
Thanks,
Sandeepan
回答1:
Reading distorted words is one thing, but also asking legit users to enter things like this can get quite annoying. So it's important you don't burden the user with anti-spam measures.
Damien Katz has used a negative captcha to stop spam bots. This technique, also called honeypot field, is easy to implement and doesn't require the user to do anything.
A more complex honeypot implementation is described by Ned Batchelder. It involves randomized field names and hashed values to make sure bots haven't tampered with the form.
In his article he states the following:
Spammers don't make software that can post to any form, they make software that can post to many forms.
So it only takes a simple trick to confuse the majority of spam bots. A little bit more magic will take care of the remaining bots.
Regarding the Sesame Street solution, asking simple question or selecting the correct animal from a list: these are questions that are hard for spam bots to answer, but they can be difficult for users as well. Especially if your site has an international audience, people with a first language other than English may have trouble understanding the questions. It may not be an issue with your student audience, but it is something to keep in mind.
回答2:
One a colleague of mine implemented was to present a series of random images of things like tea cups, boats, cats etc. with checkboxes and ask the user to tick all the cats (say), or perhaps the boat and the tree.
The images were fairly simple two colour icons really, though you could use real photos if necessary.
Just make sure that your image names aren't representative of their contents.
回答3:
First, ASP.NET has a control that isn't truly a "captcha," but in fact quite the reverse - a very simple script which makes sure that the visiting program can evaluate JavaScript. This gets rid of all but the most complex scrapers, especially if the JavaScript test has a structure that changes (i.e. it isn't just var y = 2; var x=y+(random number from server); verify(x))
Google and Craigslist both use phone numbers, which mandate that a nasty bot at least have access to an SMS-capable number (or speech recognition + voice line)
My favorite captcha is clicking on something that a computer can't recognize, such as picking out a cat from a short list of animal pictures.
It's important to consider accessibility and ease of implementation, which reCAPTCHA does very well.
来源:https://stackoverflow.com/questions/3356337/need-suggestions-ideas-for-easy-to-use-but-secure-captchas