
What can be used instead if CAPTCHA is insecure?

As far as I read from here, captchas are not 100% secure. What can be used instead of captcha? As a programmer, what do you think? How to solve this issue?

Edit: Thanks for all the answers.

berkay asked May 21 '10 08:05




2 Answers

This is an unsolved problem, and will become more unsolved as time passes. The better the OCR tools get, the smaller the gap between humans and computers, and the harder it will be to tell them apart. Eventually, computers will be indistinguishable from humans, and then the game will be up.

If your server wants to make sure that a human is at the other end of a TCP pipe, there isn't a Turing test in existence that won't eventually be defeated (and there probably never will be one). CAPTCHA is doomed; it's just a matter of how soon.

Of course, that doesn't mean it's all over as far as human authentication is concerned. It just means that automated Turing tests, as convenient as they are, won't be an effective way to achieve this for very much longer.

Marcelo Cantos answered Sep 20 '22 23:09



  • Captcha involving human reflection (like a calculation, a really simple question, and the like).
  • Session tokens
  • A randomly generated hidden input which is required to be null: on the server side, generate a random identifier and keep it in a session for a while. If the input is filled and not null, then it might have been filled by a robot; will your users fill in a hidden input?

I think it really depends on what you are trying to control over the use of captcha.

Boris Guéry answered Sep 21 '22 23:09

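
The session token and the randomly named empty input from the answer above, combined in one server-side check. This is an added example, not code from the answer; the field names, the `/comment` URL, the 15-minute lifetime and hiding the decoy with CSS are assumptions.

```python
import hmac
import secrets
import time

TTL_SECONDS = 900  # assumed lifetime of an issued form ("keep it in a session for a while")

def issue_form(session, now=None):
    """Create a per-form token and a randomly named decoy field; keep both in the session."""
    now = time.time() if now is None else now
    session["form"] = {
        "token": secrets.token_urlsafe(32),
        "decoy": "f_" + secrets.token_hex(8),  # random name, so a script cannot hard-code it
        "issued": now,
    }
    return session["form"]

def render_form(state):
    """HTML for the form; the decoy is moved off-screen with CSS (assumption of this example)."""
    return (
        '<form method="post" action="/comment">\n'
        f'  <input type="hidden" name="token" value="{state["token"]}">\n'
        f'  <input type="text" name="{state["decoy"]}" value="" tabindex="-1"\n'
        '         autocomplete="off" aria-hidden="true"\n'
        '         style="position:absolute;left:-9999px">\n'
        '  <textarea name="body"></textarea>\n'
        '  <button>Send</button>\n'
        '</form>'
    )

def check_submission(session, form, now=None):
    """Return (accepted, reason). The stored state is single-use: every check consumes it."""
    now = time.time() if now is None else now
    state = session.pop("form", None)
    if state is None:
        return False, "no form issued for this session"
    if now - state["issued"] > TTL_SECONDS:
        return False, "form expired"
    sent = form.get("token", "").encode()
    if not hmac.compare_digest(sent, state["token"].encode()):
        return False, "session token mismatch"
    if state["decoy"] not in form:  # browsers submit empty text inputs, so it should be present
        return False, "decoy field missing"
    if form[state["decoy"]] != "":
        return False, "decoy field filled in"
    return True, "ok"
```

A rejected submission still consumes the stored state, so the client has to request the form again before retrying.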