How Not To Design A CAPTCHA

[Vulcan]

https://plus.google.com/107276867598285658079/posts/KcJXYamu12X

Unfortunately Sony missed the entire point of a CAPTCHA. Instead of using an obfuscated image which is difficult for computers to recognize the characters, they include the CAPTCHA's unobfuscated characters in HTML and use CSS and JavaScript to make the characters appear slightly distorted.

While taking a Digital Image and Video Processing class (EE 371R at utexas.edu), I picked up a summer hobby of writing CAPTCHA breakers. Most CAPTCHAs can be decoded with a combination of Gaussian edge detection and XOR difference analysis with known characters. However this one falls to a simple regex.

This sums Sony up...

And then Sony wonders why they are "hacked" left and right...

Muppets.

 

[RobH]

Makes you wonder what sort of developer spent time actually implementing this.

 

[UncleRuckus]

Wow, that makes my head hurt.

 

[A.N.Other]

That's a facepalm moment if ever I've seen one

 

[redeye_uk]

Oh dear Sony!

A good alternative to traditional CAPTCHA's is the jQuery fancy CAPTCHA

 

[daz]

My friend is still working on his Motion CAPTCHA plugin...
http://www.josscrowcroft.com/demos/motioncaptcha/

 

[PiKe]

My friend is still working on his Motion CAPTCHA plugin...
http://www.josscrowcroft.com/demos/motioncaptcha/

That is ace.

 

[Tripnologist]

My friend is still working on his Motion CAPTCHA plugin...
http://www.josscrowcroft.com/demos/motioncaptcha/

That is pretty cool.

 

[redeye_uk]

My friend is still working on his Motion CAPTCHA plugin...
http://www.josscrowcroft.com/demos/motioncaptcha/

Cool

Some of them get quite complex; like the star. Wouldnt surprise me if it asked me to draw the mona lisa!

 

[gord]

The circle is really picky!

 

[GravyMonster]

I normally use this one as it has the clearest characters: http://keith-wood.name/realPerson.html

That motion one is very very nice. My only concern would be lack of graceful degradation for accesibility.

 

[Muel]

Slightly related, but what is it with people these days and designing captcha images that cannot be physically read? I was on a site the other day and it took me 7 attempts at reading the image, typing it in, being declined and then refreshing for a new one.

 

[gord]

It's mainly due to the improved sophistication of the image recognition techniques to circumvent such systems. So if you ever seen one and think.. "Dear God.. I can't even read this. The guy who built this is a complete tool!". Just remember that they are trying to stop spam and it is the spammers who have caused you this grief.

 

[jak731]

It's a good thing they have a refresh, got this the other day

 

[MikeHunt79]

Why am I not surprised? They may As well have had no captcha at all!

 

[Rroff]

Wow just wow.

Some of them are getting pretty silly these days tho I've had ones I've not been able to make out at all until I've refreshed 10x.

 

[reefoid]

I saw an article the other day about how many captcha systems are being used to digitize old newspapers and books, especially where normal OCR systems struggle with the quality and typefaces. Good use for the system, although I think this partly explains the impossible to read characters.

 

[A.N.Other]

That motion captcha one is excellent, but as above, it doesn't do much for your site's accessibility. Not much point having a font size changer or a choice of contrast options if the only way they can get in touch with you is through that

 

[Midget^]

Surely the person putting it in knew it was complete crap as well, his boss probably insisted on a CAPTCHA and being a lazy developer probably put in the first code snippet he could find. The code is pretty hilarious though *facepalm*.

 

[RobH]

I got this one the other day: