Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

what can be used instead if captcha is insecure?

Tags:

javascript

security

As far as I read from here, the fact that captchas are not 100% secure.what can be used instead of captcha? As a programmer what do you think? how to solve this issue?

Edit: thanks for all answers.

like image 793
berkay Avatar asked May 21 '10 08:05

berkay

People also ask

Which is the most secure CAPTCHA?

ReCAPTCHA. Not to be confused with the RECAPTCHA reboot, ReCAPTCHA is one of the most popular CAPTCHA security alternatives. The solution uses scanned text and audio that an optical character recognition technology wouldn't interpret.

What is insecure CAPTCHA?

Use of insecure CAPTCHA implementations can allow attackers to bypass anti-automation protections. CAPTCHAs are commonly used by web applications to thwart automated form submissions that could have an adverse effect on their operation. Poorly written CAPTCHA implementations can provide a false sense of security.

Why is CAPTCHA not good?

Captchas are disruptive to users because they are literally there to disrupt or impede access to websites. And, as bots get smarter thanks to machine learning, the problem just gets worse.

2 Answers

This is an unsolved problem, and will become more unsolved as time passes. The better the OCR tools get, the smaller the gap between humans and computers, and the harder it will be to tell them apart. Eventually, computers will be indistinguishable from humans, and then the game will be up.

If your server wants to make sure that a human is at the other end of a TCP pipe, there isn't a turing-test in existence that won't eventually be defeated (and there probably never will be one). CAPTCHA is doomed, it's just a matter of how soon.

Of course, that doesn't mean it's all over as far as human authentication is concerned. It just means that automated turing tests, as convenient as they are, won't be an effective way to achieve this for very much longer.

like image 195
Marcelo Cantos Avatar answered Sep 20 '22 23:09

Marcelo Cantos
  • Captcha involving human reflexion (like calculation, really simple question, and the like).
  • Session tokens
  • randomly generated hidden input which requires to be null, on the server side generate a random identifier, keep it in a session for a while. If the input is filled and not null, then it might have been filled by a robot, do your users will fill an hidden input ?

I think it really depends on what you are trying to control over the use of captcha.

like image 30
Boris Guéry Avatar answered Sep 21 '22 23:09

Boris Guéry
Sign in to Comment

Related questions

React app has to clear browser cache after new deployment
Visual Studio Code - How to display variable values inline during debugging?
What is the raku equivalent of the JavaScript arrow function?
Vue 3 watch doesn’t work if I watch a destructured prop
JS Mini functions
Is there a performance difference between the sx prop and the makeStyles function in Material UI?
Determining width of a printed string by a webapp
How to debug JavaScript in IE?
loading javascript dependencies on demand
How do I parse @import stylesheets with Javascript
Cancel jQuery event handling
Quick jQuery question: Stopping event propagation?
Convert .NET DateTimeFormatInfo to Javascript jQuery formatDate?
Adding an event listener to an iframe
addEventListener and the scope of this
HTML5 localStorage & SQL
ASP.Net - Javascript inside AJAX UpdatePanel
Understanding JQGrid column width behaviors
How to activate two JavaScript functions in parallel?
Too many jquery plugins?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!