The Trouble with CAPTCHA - 3D CAPTCHA
(Page 3 of 4 )
The 3D CAPTCHA is an innovative idea that involves the use of instantly recognizable image elements constructed from basic computer-generated three dimensional shapes. Such a system has been devised by spamfizzle.com. In this system each element is matched in a database to a text description, and used in the generation of a random "scene" in response to each new authentication request. Within the scene, each element is marked with an identifying number, and the challenge for the user is to provide one or more of these numbers as the answer to a set of questions.
For example, the 3D shapes might be used to make up an easily recognizable human body: a spheroid for the head, tubes for the legs and arms, and other suitable shapes for the hands, feet and torso. In the sample scene, identifying numbers are randomly assigned to these body parts, and the question might require the user to enter the numbers that equate to the head, right upper arm and left foot.
The random nature of the scenes, along with the arbitrary way in which identifiers are matched to elements, make it almost impossible for a bot to learn or force a solution. A random guess is highly unlikely to work due to the high number of available incorrect options. The system relies on the human ability to recognize a set of abstract shapes arranged to create an image that is easily identifiable by us, but that means nothing to a computer.
One of the key advantages attributed to the 3D system is that it could greatly increase the cost of human processing solutions. While the challenge is relatively trivial and undemanding on a one-off basis, it can be made to require much more time than the six seconds typically needed to solve a regular text-based CAPTCHA. It is to be hoped that the additional time required might make it less economically viable to employ paid solvers, although the economic value of legitimate accounts probably makes this unlikely.
A second advantage is the ability of the scene to be changed dynamically to subvert automated attempts to break the system. For example, even if an automated system learns to recognize the human body shape on a regular basis, the CAPTCHA system can recognize the automated break-in attempts by their frequency and replace the body with a different object from its library. It can simultaneously reshuffle the scene and reassign the identifiers to negate any temporary gains made by the bot.
More Web Development Articles
More By Bruce Coker