CAPTCHAs are basically designed to prevent spam. Companies spend millions of dollars every year dealing with the spread of spam. Spam can be presented in the form of: offensive or unwanted comment on your blog, undesirable email and bad sign-ups on your site.
CAPTCHA has been used to combat this problem. Essentially, it is designed to enable a computer to tell whether it is interacting with a human or a bot. However, since technology has advanced, these bots have gained the ability to crack CAPTCHAs and pass this security test.
That is why CAPTCHAs are becoming more irrelevant. Also, they are annoying. The good news is that there are several effective alternatives.
Table of Contents
Google’s No CAPTCHA reCAPTCHA
Google’s new captcha, requires only a click in a checkbox instead of traditional distorted word test. Click here to see how to implement it.
Visual Tests
Security tests that use images rather than plain texts are normally easier for users. All they have to do is figure out a plain picture. They do not need to decipher distorted texts. For instance, you may be shown a set of ten images, four of which are puppies. You need to identify the four puppies in order to bypass this security measure. Though the success rate for normal humans may be higher, they still prove ineffective to users who are partially sighted or blind. Also, you need to know what a puppy looks like – so they require a basic level of knowledge.
Honeypots
Any website that permits unverified users to submit forms will definitely have a problem with spam bots. These bots will be submitting unwanted or junk content. A popular technique to prevent spam bots is the honeypot. When a spam bot fills a form, it will fill everything including fields that are invisible to humans. So if the fields are filled out and the form is posted, then the submitter isn’t a human. As a result, the submission will be rejected.
Checkboxes
Bots can also be deterred by using JavaScript to create a checkbox that includes something like “I am a human”. Bots do not have the ability to see the checkbox. Only real humans will be able to see them. This is the essence of stopping spammer bots.
However, this technique is not 100% perfect. Spams bots are getting smarter and smarter. Some bots have gained the knowledge of reading CSS or JavaScript language and check the box. The solution is to put two checkboxes. Ideally, one box should be hidden so that humans would not see the box and click it due to curiosity. Bots will generally click both checkboxes since they cannot distinguish the invisible box from the visible one.
Verified Sign in
Also, you may confirm whether visitors are humans by asking them to sign in with an account such as Twitter or Facebook. This option eliminates the anonymity used by some people to leave offensive comments. It also discourages internet trolls. The major problem with this alternative is that many users are not comfortable signing in with their social media accounts. They think this compromises their privacy. Some websites have also been accused of posting stuff to users’ accounts without their permission.
Limited-use Accounts
Another way to limit abuse by spam bots is to intentionally stop the creation of new accounts for a period of time. This approach may prevent spammer from signing up for many fake accounts and sending spam email from each account.