The Trouble with CAPTCHA - Alternatives to CAPTCHA
(Page 2 of 4 )
While there may be little that can be done to prevent circumvention by human operators, a variety of attempts have been made to implement CAPTCHA-like puzzles that are less vulnerable to machine-based compromise.
Image recognition in its simplest form requires users to recognize images rather than letters in order to solve the challenge. These images can be computer generated, but a better system involves the use of photographs, as these are easy for humans to decipher but highly challenging for computers.
One example of how this works is by users being asked a question and having to select from a list the number of images that represent the correct answer. Kittenauth is one such system. It presents an array of cute cat and kitten pictures alongside images of a whole range of other animals such as elephants, hedgehogs, pandas and horses. The challenge is simple enough: click on the pictures that contain kittens and hit the submit button.
The Kittenauth system: just click the kittens
The principle at work here is that it's straightforward for a human to distinguish a kitten from some other cute furry animal, but very difficult for a computer to do the same. As a secondary benefit, kittens are much cuter to look at than illegibly distorted letters, so users are less likely to become annoyed by the challenge. Of course the images could easily vary to reflect a particular site's content: a clothing site, for example, could ask its users to pick out dresses but ignore the suits and shoes.
On the face of it, this sounds like the ideal solution. However, it does have certain drawbacks, the main one being accessibility. While traditional captures could be delivered as sound files, this is harder to accomplish with photographs, and easier for a bot to decipher, making use of the kittenauth system almost impossible for the visually impaired. Some copycat systems have attempted to resolve this with the use of alt tags to describe the images, but this is self-defeating, as plain text is trivial for a computer to parse.
A second challenge to the photograph-based system is the need to separate the images from their filenames, as access to these would allow the solution to be reverse engineered. The images must therefore be streamed in real time from a database with no repeating identifiers.
The system is also potentially vulnerable to brute force cracking, either by repeated random attempts or by image "harvesting" in which a bot gathers the images from a particular database, learning over time which are kittens and then using this knowledge to break the system. A successful workaround for this has been to introduce multiple sets of images, so instead of always selecting kittens you might variously have to identify motor bikes, airplanes or power tools. The wider the range of possible passing sets, the more difficult the system becomes to break.
More Web Development Articles
More By Bruce Coker