Wednesday, July 02, 2008

CAPTCHA: Is There A Better Way?

Developing a more usable CAPTCHA ...

"You may have never heard of a CAPTCHA, but if you spend any time on the internet, you've definitely seen one. CAPTCHAs most often take the form of distorted words that a visitor has to type in to complete an action, and are designed as a test to tell humans from programs.

The current state-of-the-art of is reCAPTCHA, pictured below:

Current CAPTCHA - Usability, User Interface Design


From a usability standpoint, CAPTCHA represents a hurdle for human visitors. While people who design CAPTCHAs are trying to solve a very real and difficult problem, the war against malicious programs and spammers has escalated to the point where it has a human toll, and we need to seek out alternatives.

The Captcha Arms Race

Unfortunately, the current incarnation of CAPTCHA is a losing proposition. Originally, it made sense to use reading to tell humans from programs; reading is easy for most people and difficult for computers, and words represent an almost unlimited task variety. Unfortunately, as computers get faster and programmers get more creative, creating a secure, word-based CAPTCHA means making the reading task increasingly more difficult, which adversely effects human users. Computers are getting better and better at reading all of the time, while our reading ability as adult humans stays roughly the same (and often gets worse as we age). Logically, it's only a matter of time before simple, word-based CAPTCHA is completely ineffective.

The Sesame Street Solution

So, how do we up the difficulty level for computers without hurting people? For word-based CAPTCHA, we've really only followed one path: making the words more and more difficult to read. What if, instead of making the answer more difficult, we focused on the question?

If you ever watched Sesame Street you probably remember the game "One of these things is not like the other." We humans are naturally good at detecting differences; it's an evolutionary necessity and built into many of our sensory systems. Consider the examples below:

Detecting Differences - Usability, User Interface Design

Detecting Differences

In all of these, you can easily tell which of the 3 words is different. Now, consider asking a computer the question: "Which word is different?". Current technology could easily read the three words in every example above, but how does a machine parse the word "different"? Does it mean red, bold, italicized, green, underlined?

By making the question ambiguous, we've added a layer of difficulty for machines that's easily resolvable for humans. This "Difference CAPTCHA" could allow us to increase the level of security without increasing word distortion. Granted, it's not a perfect solution, and has many of the issues CAPTCHA currently has, but it taps a strength of human brains and at least buys us a bit more time in the arms race."    (Continued via User Effect)    [Usability Resources]


Post a Comment

<< Home

<< Home