W3C home > Mailing lists > Public > w3c-wai-ig@w3.org > April to June 2006

FW: Text-based Captchas

From: Patrick Lauke <P.H.Lauke@salford.ac.uk>
Date: Wed, 3 May 2006 11:58:34 +0100
Message-ID: <2B0B7306F468E54D84D79904FA2A014010DDB4@ISD-EXV03.isdads.salford.ac.uk>
To: "WAI Interest Group" <w3c-wai-ig@w3.org>
-----Original Message-----
From: Matthew Smith [mailto:matt@kbc.net.au] 
Sent: 03 May 2006 10:47
To: Lauke Patrick
Subject: Re: Text-based Captchas

Quoth Patrick Lauke at 2006-05-03 18:09...

> More generally, users may actually be confused by finding any sort of question
> not related to the task they're trying to achieve (I want to book a flight, why is
> it asking me who the President of the US is?), so this may require a careful bit of
> preamble/legend, perhaps.

I agree entirely.  My example shows how to use the code - not how it
should be implemented.  My systems is flawed, but I still regard it as
being superior to the "munged" graphics that seem to be in such
widespread use.  I have very good vision, but I often find graphical
Captchas a real pain to read.

Implementation of either my, or any other, text-based system should be
undertaken with great care and consideration.  Firstly, we must be aware
that humans, like software, can fail a Turing Test.  The questions in my
example are a bit tongue-in-cheek and are just that - an example.  In a
serious implementation, one would consider who would be encountering the
Captcha, and tailoring the questions accordingly.

Increasing the number of questions will reduce the chance of an
"undesirable agent" passing the test, but could, of course, also make it
more difficult for our human to get through.  There is no reason why one
should have to pass all tests - two out of three, for instance, could be
acceptable.

What I have described is a tool - I know it's a cop-out, but how the
tool should be implemented I will leave to others!

I should probably add that my preferred technique for confirming bona
fides is sending an e-mail with a link that has to be followed.  This
wouldn't be appropriate for Patrick's example of booking a flight, but
if I were establishing identity in that situation, I would probably do
my checks by means of a credit card.

Some food for thought, anyway.  Thanks to Patrick for the feedback.

Cheers

M

-- 
Matthew Smith
IT Consultancy & Web Application Development
http://www.kbc.net.au

Received on Wednesday, 3 May 2006 10:58:44 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 19 July 2011 18:14:24 GMT