2. What is CAPTCHA?
C ompletely
A utomated
P ublic
T uring test to tell
C omputers and
H umans
A part
3. Why use CAPTCHA?
To prevent automated software (i.e. 'bots') from
performing any type of submission on a
website.
Most common attacks:
● Account Registration
● Comment Spam
● Dictionary Attacks
● <any other type of form here>
4. Examples of CAPTCHAs
● Simple Image CAPTCHAs
● reCAPTCHA
● Voice CAPTCHAs
● Game CAPTCHAs
● KittenAuth
6. reCATCHA
"reCAPTCHA improves the process of digitizing
books by sending words that cannot be read by
computers to the Web in the form of
CAPTCHAs for humans to decipher."
10. Alternatives to CAPTCHA
● Math and Word Problem CAPTCHAs
● The JavaScript Trick
● The CSS Trick (Honeypot)
● ???
11. Math & Word Problems
Is fire Hot or Cold?
What does 1+3 =?
3 + _ = 5?
My name is Jason Stiles. What is my last name?
What color is the sky?
12. The JavaScript Trick
Add a field to a form dynamically with
JavaScript and hide it from the User. Check on
the server-side if the field was submitted.
Most bots can't execute JavaScript, so the field
won't exist and thus the test will fail (for the
bot)!
13. JavaScript Code
function addFieldTo(form_id) {
var form = document.getElementById(form_id);
var textbox = document.createElement('input');
textbox.type="text";
textbox.name="test";
textbox.style.display="none";
form.appendChild(textbox);
}
14. The CSS Trick (HoneyPot)
● Bots like to make sure they fill out every field
on a form to better their chances of
submitting a form.
● This trick places a simple input field on the
form again and hides it from humans.
● The form handler then simply checks to see
if the field is blank upon submission.
● If it is, we can say it was a human! If not, it's
a bot!
15. Remember this!
Humans FIRST!
Bots SECOND!
Websites are for humans to use, not bots. Make
sure your tests don't degrade the experience for
your visitors!