Friday, February 27, 2009

Completely Automated Public Turing Test to Piss Humans Off

Okay, so it probably seems like I do nothing but gripe on my blog, but that's not true. I gripe on my blog most of the time, but only about legitimate concerns :). This one is no different. I really get frustrated by CAPTCHAs sometimes. I mean, I think it's a great idea to use them and they're very good at keeping computers from being able to submit forms, but sometimes they're good at keeping humans from submitting forms too).

So, I've devised a list of things CAPTCHA developers should keep in mind:
  1. There's no reason to have a case sensitive CAPTCHA
  2. If you insist on case sensitive captchas, letters which look the same both upper and lower case should be excluded or substitutable (e.g., o and O, x and X, m and M, s and S, etc)
  3. You shouldn't compress your letters so much that you can't tell the difference between olo, ob, and do
  4. Letters which are indistinguishable should be excluded or substitutable (i.e., 1 and l, 0 and O, S and 5, etc.)
  5. Don't make them language specific (i.e., you should be able to embed one captcha on your website and it should work for any visitor in any language
If we follow these simple ground rules, CAPTCHAs will likely retain their low false negative rate (i.e., mistaking computers for humans) and lower their false positive rate (i.e., mistaking humans for computers).

Here's a list of CAPTCHAs that usually aren't that bad:
Here's a list of CAPTCHAs I think are rediculous:

1 comment:

  1. Its a perfect guideline for a captcha control. Also i have seen problem with chars like I, 1 and 8, B. These creates confusions, i think these chars can also be avoided.