alternative captcha methods

Question

I\'m looking for inspiration here. I need to employ some sort of human verification for my website, but the most common method these days (asking users to type the letters &

Answer 1

Although it's a bit old, I really found KittenAuth to be an amusing (and probably very effective) captcha approach. There only seems to be one demo on their contact page, though.

The problem with pure-image based approaches (as opposed to textual images) is that you are basically preventing blind users from using your site. The KittenAuth author acknowledged this on one of the comments on his site.

As a funny little rider to KittenAuth, this page has "10 of the worst captchas of all time," including one of my favorites:

Answer 2

Try using a question challenge system where a simple question demands a simple cognitive response. For example ask a user to answer the following example question:

Three cars on the street can see three more cars. How many total cars are there?

Technology is not so advanced that a bandwidth sensitive bot is capable of answering such a question and yet the question is easy to answer. A user must enter three or 3 to verify they are a human and not a machine. You would have to have a large enough bank of questions that a bot would not simply ping your site looking at questions to record so that it may return with answers in hand.

Answer 3

Try using an ajax based submission process that's triggered by clicking a normal button (not a submit button), it's really easy with jQuery.

As far as I can tell, spambots don't have javascript.

If you're worried about users without javascript enabled, I think it's perfectly ok to have them unable to submit the form. If they can't trust you to enable javascript on your site, it's not your fault that they can't use the website to its fullest extent.

EDIT:

Also see: Practical non-image based CAPTCHA approaches?

The problem though, if someone is targeting your site purposely, this kind of technique won't work.

EDIT2:

I can't provide a link to a real life example, but I blogged about it with a bit more details, so here's some sample code:

function submit_form()
{
    jQuery.ajax({
      "type": "POST", // or GET
      "url": 'action_url', // The url you wish to send the data to, the url you'd put in the "action" attribute on the form tag
      "data": jQuery("form#the-form").serialize(), // The data you'll send. You need to get the form somehow. Easiest way is to give it an id.
      "dataType": "json", // Only put this if the server sends the response in json format
      "success": function(data, textStatus) // server responded with http status 200
        {
            // This is the happy case: server response has arrived
        },
      "error": function(req, textStatus, errorThrown) // maybe HTTP 404 or HTTP 500
        {
            // something went wrong, the response didn't go through or the response didn't come. Handle the situation: let the user know, or something.
        },
      "complete": function(req, textStatus) // This one always gets called anyway
        {
            // cleanup after yourself
        }   // XXX careful: if you put a comma here, IE6 will fail
      });
}

Answer 4

I particularly like the "which animal can fly" example. Simple & Effective.

But this kind of thing could be abused. It wouldn't be difficult to give it a cultural bias — or a perceived one.

And, as austin cheney showed, it could easily become a sort of intelligence test, and you would have an Accessibility problem.