Time to Kill CAPTCHA?

I doubt everyone enjoys them—especially those who aren’t so good with a mouse, those who can’t see etc. :smiley:

And of course, on mobile devices. About 30-35% of the visitors to the websites I maintain are using mobile browsers.

Yeah, the mouse on my iPhone really sucks. :lol:

If it can’t distinguish between a real person who doesn’t have a mouse attached to their computer/phone from a bot then it isn’t exactly a CAPTCHA is it.

Any CAPTCHA that requires interaction from the person is at best a very poor fourth to one that works invisibly in the background.

Now there are many software available which can read captcha. Some days ago I visited a website with new type of captcha, first user have to click on the it, and a video starts, after it captcha is shown to user., related to the video. I think it is relatively safe.

What software can read an unobtrusive CAPTCHA such as a timer test? There is nothing for the software to read with unobtrusive CAPTCHAs.

Karl Groves released an article about CAPTCHA-less security for anyone interested.

A number of things that are wrong in that article:

  1. It is not necessary to filter, validate and escape all input. It is only necessary to validate or filter input.Any form input should be validated. Any user input that has been validated does not need to be filtered. Escaping is an output function that should never be performed on input.
  2. A honeypot is a CAPTCHA, it is not an alternative to CAPTCHA.
  3. A confirmation email is a CAPTCHA, it is not an alternative to CAPTCHA.
  4. The temporary token method described is a CAPTCHA.
  5. Confirmation screens and SMS are also CAPTCHAs.

None of what that page describes is CAPTCHA less. All of the techniques used are image less CAPTCHAs.