Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

When Designing CAPTCHA System, Should It Go Easy to Hard or ViceVersa

DeeeeeeeeDeeeeeeee the Americas
edited March 2019 in VIP Section 71.167.129.217
Happy Friday nite, GSA pplz!~ Hope you all are having fun, in Europe, the Americas, Asia, and everywhere!~

I was having fun exploring PHP GD library and CAPTCHAs. :)

I am adapting an existing PHP captcha I found and changing it around.

I have a few ideas, but I've made it so the user gets an impossible CAPTCHA right away.

But, I wanted it to get progressively easier  if failed.

I see no one does that.

For stopping spam, i guess it's best to do the opposite, but for users, it's hell having the CAPTCHAs get worse, and when it starts off easy, it's a cheaper spamming target, I would say...

What about a "Send an EASY CAPTCHA!" button that user can press instead of just failing??

...And still start off with hard ones, anyway??


OR, a super easy puzzle (check the value in each column so that they increment,etc.), in order to GET to the easy CAPTCHA?

Answers

  • SvenSven www.GSA-Online.de
    I don't think it's a good idea. It's maybe better to design a captcha that is hard to break by AI/OCR. And for that there are several options you have:

    - carefully choose colors
    - mix fonts
    - overlap chars
    - dust of same size as chars
    - result should be in a mixed length
    - have the OCR result another quest like math/question
    - size of captcha is always different
    - image type is different (jpg/gif/png)
    - for gif make it an animated gif <<< this alone stops most AI
    - when using png, use different layers

  • Thanks, kindly, Sven!

    I've been trying to make the actual captcha code more readable to the user...I was going way overboard...lol I think I've reached a good level of readability...


    I'm already doing/setting up a bunch of the above options. But some are entirely new concepts:

    "- dust of same size as chars"

    Hmm..I didn't think of this one.... What about dummy chars that are kind of like letterforms, or using another alphabet, and use that as background dust so as not to confuse the user, as u can't use actual letters in this instance? Plus, letterforms may trigger OCR as they can RESEMBLE letters, but vary in some key way...

    "have the OCR result another quest like math/question"

    I guess if the user REALLY wants to join, it's not an issue doing this once to make an account. I see if I kind of make it fun, or on-topic for the site, it may help users enjoy the whole process...

    "for gif make it an animated gif <<< this alone stops most AI"

    Super cool. It can start out as the WRONG code, then a letter gets kicked off, or letters picked up and dropped (by the site's mascot if u want it to look nice and keep user having fun)  off after five seconds....hahah

    "when using png, use different layers"

    ah......I like this one also. Did not think of this, either!! I like this one!!!!!!!!!


    I'm also going to make totally different PHP classes with significantly different CAPTCHAs. I don't know about if that should be random, or if user should get served progressively more difficult/easy.

    I'm thinking "easy" should also be very difficult, just a bit easier.
  • DeeeeeeeeDeeeeeeee the Americas
    edited March 2019 71.167.129.217
    ...so in the end, you really just make the site a higher-cost target...

    ...thereby cutting down bandwidth by account creators significantly....


    ...but not completely....ever...

    ...as a live operator from an external service can defeat all but a quest that would require knowledge of the focus-topic of the site, with a not-so-easily-searchable solution...

    ...maybe with a server-side timeout?? So there IS not time to research a topic via Google?

    And the Question is only shown once a user clicks, starting timer?
  • DeeeeeeeeDeeeeeeee the Americas
    edited March 2019 71.167.129.217
    Hmm..How about CAPTCHA quiz for topical sites?

    Ten (or more)  Qs on site topic...with short timeout...and u need at least  a 70% to "Pass?'


Sign In or Register to comment.