Call Ozdachs at 415.347.6479|info_request@ozdachs.biz

A CAPTCHA that Works

I’ve written about the CAPTCHAs that are getting more and more complex — so complex that soon they’ll be comprehensible only to other computer programs that were created simply to defeat the CAPTCHA. (See my Philippic on bad CAPTCHAs).

So what is a reasonable way to keep forms from being filled out by automated programs?  Right now I am voting for a simple-to-read CAPTCHA like the one used by San Francisco CPAs Sterck Kulik O’Neill for their business growth strategy seminars.

Business Growth Seminar Registration FormAs Sterck Kulik O’Neill’s web master, I was copied on the email generated by their old, FrontPage form. There was no protection, and spammers frequently filled in the form with their own sales messages.

A couple months ago I switched out the FrontPage form with a clean, simple form built with tools from Simfatic Forms.

Even though I overrode the default settings in the tool and made the CAPTCHA only 4 characters and I decreased the number of interfering lines down to 2, we have received no spam “registrations”.  The form, its field edits, and its simple CAPTCHA are doing their job… and clients are signing up for the seminars without reporting any frustrations or problems.

Of course, the seminar page is a low-priority target for spammers seeking to break into a site.  The information on the form isn’t being posted anywhere on the Internet, it’s just being emailed to the site owner.  So, high-powered spammers with the latest character recognition programs have not yet tried to exploit the form.

And, unfortunately, the CAPTCHAs in Simfatic’s tool are not ADA compliant (people with visual impairment have no option to click to hear the CAPTCHA read to them). So, we have to make sure that there’s a phone number or alternative contact method available for visually challenged people to register.

Still, for the small business web site, the simple CAPTCHA is a good, common-sense solution.  Check it out!

By |2011-06-15T09:55:24-07:00June 15th, 2011|User Interface, Web Design|0 Comments

Don’t Let Your CAPTCHA Get in the Way of Your Business

CAPTCHA examples from LastPass forumsMore and more sites are using CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) to keep spammers from registering on web sites, from posting phony comments on blogs, and from generating in-bound breast enhancement messages on forms.

I approve of CAPCHAs in general because they are simple for site users and they cut down on bogus messages, both those publicly posted and those sent to the business owner from a form.

But, enough!

CAPTCHAs are not going to be 100% effective against determined spammers, and efforts to increase the effectiveness of the CAPTCHA test has crossed the line into driving visitors away from doing useful business on some sites.

The CAPTCHAs on the right are full-size copies of ones I copied from my screen this morning when I was registering for a forum on the LastPass web site.  Once I completed the registration form, I would be sent a confirming email to activate my account — another validation step to prove my humanness.  But, I couldn’t get the CAPTCHA right in my first 6 tries.

But, look at these images!  LastPass is doing more than protecting itself from automated comments in its forums, it is driving away real-life users.

These CAPTCHAs are simply too difficult to read.

  • The colored characters are too well camouflaged by both the background color and background pattern.
  • The characters are ambiguously drawn.  8’s and B’s, numeric 0’s and alpha o’s  are possible answers for some of the drawings. How is the user supposed to know which o/0 to choose?
  • There are a variable number of characters in the images.  This makes me wonder if the CAPTCHA-generating routines were working, or if some of the CAPTCHAs are simply faulty and impossible to answer.
  • These CAPTCHAS are particularly hostile to people with visibility issues.  I am not colorblind, but the use of red and green images is plain nasty.  And, unless you blow up your screen, the images are sized for the eyes of the young.

LastPass provides great functionality and responsive customer service, but they’ve joined so many organizations in over-CAPTCHAing their web sites. And, they are far from the worst offenders.

Craigslist is at the top of my list of  CAPTCHA-crazy sites.

Admittedly Craigslist is a very juicy target for spammers and outright criminal frauds.  But, their CAPTCHAs are ridiculous.
CAPTCHAs from Craigslist
The images on the right are ones Craigslist offered to me this afternoon when I was going to post an event for my church — information about the Sunday service.

Before seeing these images, I have had to register with Craigslist. Registration includes providing them with:

  1. An email address which they validate.
  2. A telephone number which they contact with a validation code. The automated message from Craigslist comes into my phone and gives me a numeric PIN which I have to type into a validation page on the Craigslist web site.

So, with Craigslist, I have to have an active account with a checked email address and a validated telephone number.  THEN every time when I want to post an event, I have to type in a CAPTCHA.

And, look.  Some of the CAPTCHAs have foreign-language characters. Others are too blurry for me… maybe an automated character recognition program could read and type in what’s presented by Craigslist, but I can’t!

Time for Dangerous Common Sense for CAPTCHAs

CAPTCHAs are intended to make sure real humans are filling in the forms. But, soon only the character-recognition programs will be able to decode what the CAPTCHA-generating programs have created.

It’s nuts.

Designing your web site design for determined crooks is not good business!  Focusing on the crooks will cost your web site legitimate business.  Pass it on!

By |2011-06-09T12:57:04-07:00June 9th, 2011|User Interface, Web Design|0 Comments
Go to Top