Reasons not to use Captcha
I don't get as angry about Captcha as I used to, but on occasion someone asks me why I don't like it. I figured I'd post this list here so I can have something to reference, instead of having to brainstorm everytime I'm asked the question.
- Most people hate filling out Captchas.
- It doesn't stop human spammers (they fill out your form manually).
- Spam software these days can break through simple Captchas.
- If you make your Captcha harder, you may block legit users.
- Blind people can't get past Captchas.
So what is my least favorite feature in ColdFusion? <cfimage action="captcha"> ;)
Jake Munson
36 Yrs old
So what do you recommend as an alternative to Captcha? CFFormProtect??
1) Well yes there's always the choice not to use captchas, but people may hate filling out a form to register on a site, enter their password to log into a site, etc., but those steps are necessary to make a certain system work effectively.
2) That's true it doesn't, but I'd argue one of the most insidious qualities of spam is that it is sent in quantity, which a spammer manually filling out forms cannot accomplish without significant time on the part of the spammer.
3) & 4) This is a balance to maintain, security versus usability. However, I think the idea is to combat spam, making it more difficult for a spammer to fill out a form, not so much to eliminate it entirely. There never will be an unbreakable captcha, as there never will be an unbreakable password. The point is to make it more difficult for spammers with minimum inconvenience for legitimate users.
5) I'm a fan of reCaptcha (<a href="http://recaptcha.net">recaptcha.net</a&...;). It is accessible to blind users and makes me feel warm and fuzzy about stopping spam and helping digitize books at the same time. Even if I spam bot gets through, at least they're helping out :)
reCaptcha may make you as the site designer feel warm and fuzzy, but your users could give a crap. I'm talking about usability here. Can you imagine telling your mom, "Sure mom, you can talk to me anytime you want, but you have to decode a little hard to read text before every conversation."
Just a note: If a spam bot does get through on a reCaptcha captcha, it does not actually help out. The second word (the word for the digitized book) is optional, it does not need to fill it out to pass the captcha.
I have been using Jake's cfformprotect for a couple months now with great success. I have only heard of one issue with someone not being able to comment and I have seen ZERO spam since I started using it. Looking forward to version 2.0
I became enthusiastic about the tool because I generally dislike CAPTCHA's - why should I have to fill in a simple mathquestion or try and decifer weirdly looking digits and letters? I just want to comment - the beauty is CFFormProtect is it's ability to do all checks serverside without the user ever even noticing it's present doing its work. I'm ready for version 2.0 even though I won't be using the Project Honey Pot feature. Thanx Jake for this little piece of CFC-magic.