Thursday, March 5, 2009

Efficient Captchas

There is a whole lot of buzz on the internet about alternatives to captchas (I mean alternatives to image captchas). It's not mainly because captchas are not secure against bots, but because they aren't convenient!!!
People are getting bugged because of highly illegible captcha strings (http://tinyurl.com/5bvk7c).

But I really feel captchas, if done properly, are the best form of human recognition technique. It's simple, fast, and sufficiently secure. People are used to image captchas, and it just works! I get more bugged when I'm asked silly questions, or to solve a mathematical equation, or when I have to select kittens out of 9 pictures of animals!!!

I put up some points here on how to create usable and convenient captchas:

1. Use a light background. I prefer a plain white background. Backgrounds do provide some security, but having the same regular background for all captchas does not help, as an average captcha-solving algorithm will adapt itself to it.

So, it's always better to present your captcha on a white background, so that it's easier to read.

2. Don't just use random words; instead, use a phonetic generator to generate your captcha strings. This helps a lot in terms of captcha usability. Also, a phonetic generator does not pose much of a threat of your captcha getting hacked. Sure, it increases the threat, but it provides more usability than threat.

3. DO NOT use a straight baseline and loosely coupled letters. While writing any captcha hacking program, the most difficult operation is segmentation. You can capitalize on this weakness of captcha hackers by keeping wavy baselines and keeping letters coupled in random fashion.

4. Use a single color for your captcha (better user experience and readability). A captcha bot can easily convert your captcha to grayscale for hacking anyway.

5. Use letter warping instead of image warping for the whole captcha. Warped letters are difficult to segment and recognize.

6. Use a different-length captcha string every time for more security.
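As an illustration of points 2 and 6, here is an added example (not code from the original post) of a phonetic generator that emits pronounceable strings of varying length and also measures how much the phonetic restriction shrinks the space of possible strings. The alphabets, the 5 to 8 length range and all function names are assumptions made for this sketch.

```python
import math
import secrets

# Assumed alphabets: l, q, x and y are left out because they are easy to
# misread once letters are warped and coupled together.
CONSONANTS = "bcdfghjkmnprstvwz"
VOWELS = "aeiou"
MIN_LEN, MAX_LEN = 5, 8  # assumed length range (point 6)


def phonetic_captcha(min_len=MIN_LEN, max_len=MAX_LEN):
    """Return a pronounceable string with a random length in [min_len, max_len]."""
    # secrets draws from the OS CSPRNG, so a bot cannot predict the next string.
    length = min_len + secrets.randbelow(max_len - min_len + 1)
    use_consonant = secrets.randbelow(2) == 0  # random starting letter class
    chars = []
    for _ in range(length):
        chars.append(secrets.choice(CONSONANTS if use_consonant else VOWELS))
        use_consonant = not use_consonant  # alternate consonant / vowel
    return "".join(chars)


def phonetic_keyspace(length):
    """Count the distinct alternating strings of exactly this length."""
    total = 0
    for start_consonant in (True, False):
        n_cons = (length + 1) // 2 if start_consonant else length // 2
        n_vow = length - n_cons
        total += len(CONSONANTS) ** n_cons * len(VOWELS) ** n_vow
    return total


def keyspace_bits(min_len=MIN_LEN, max_len=MAX_LEN):
    """Return log2 of the string count: (phonetic, unrestricted same alphabet)."""
    alphabet = len(CONSONANTS) + len(VOWELS)
    lengths = range(min_len, max_len + 1)
    phonetic = sum(phonetic_keyspace(n) for n in lengths)
    unrestricted = sum(alphabet ** n for n in lengths)
    return math.log2(phonetic), math.log2(unrestricted)


if __name__ == "__main__":
    print([phonetic_captcha() for _ in range(5)])
    print("bits (phonetic, unrestricted): %.1f, %.1f" % keyspace_bits())
```

The gap between the two numbers is the usability-for-security trade described in point 2: the phonetic strings are easier to read and type, but a guessing bot has fewer candidates to try.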

I hope it helps the community and eventually the end users, the humans!!!