Recap: the problem with current Captcha solutions
The general purpose of Captcha’s are to prevent the automation of form submission. For example, to protect a guestbook from filling up with spam-entries or to prevent hundreds of bogus users registering to a forum. Until recently, image-based Captcha’s have been a reasonable solution to combat this problem. However, with Object Character Recognition techniques getting better and better, Captcha’s too have to continuously increase in complexity. Just look at these gems and imagine yourself being color blind:
Ironically, it’s come to the point that computers are better at deciphering Captcha’s than humans are, simply because computers have infinite patience. To illustrate: evildoers trying to beat your Captcha are probably satisfied with a success ratio of 1/100 – because in just a few hours of repetition this can add up to hundreds of successful passes. A typical human user on the other hand probably throws in the towel after three consecutive failed attempts – at which point they’ll most likely leave your website altogether.
Who can blame them? The average user doesn’t understand why they should enter a random string of letters in the first place. It’s not their problem and they do not care what it is for. For them it’s some sort of annoying puzzle that stands in the way of doing what they want to do. Not being able to pass it, makes them feel inadequate and frustrated.
The Anti-Captcha challenge
The basic idea behind it is simple.
“Create a captcha solution which does not require any end-user interaction”
Check out the online demo.
How it works
- Generate a random token
- Store a checksum of this token in a cookie
After form-submission, the checksum of the post value should equal the checksum stored in the cookie. As a bonus, this technique should also provide adequate protection against XSRF.
Download Anti-Captcha and put it in the head of your html document:
After form-submission match the input value with the sha1 checksum stored as a cookie:
Looking for the WordPress plugin? Click here
The Anti-Captcha is licensed under LGPL 2.1