Side benefits...
Those that have had too much to drink, are safe from morning embarrassments.
A group of boffins from Carnegie Mellon University is proposing that inkblot-style patterns form the basis of a system to replace CAPTHCAs, and is offering an open challenge to see how well it works. While the CAPTCHA has been successful in preventing some forms of attack, such as comment-spam on Web forums, CAPTCHA-protected …
"I like what you did there, but more correctly it should be "birds and bees"."
I remember when my parents sat me down and gave me the talk about the birds and the bees. I didn't believe them because, well, wouldn't the bees sting the birds?
Paris. She knows about the birds and the bees.
This post has been deleted by its author
Dead thread on the forum this morning, lock icon over its topic. This website is afraid of me. I have seen its true face. The pages are extended comment sections, and the comment sections are full of flames, and when the moderators finally get sick of it, all the trolls will get banned. The accumulated filth of their rage and hatred will flood from their monitors and all the kiddies and neckbeards will look up and shout "Let us in!"... and I'll whisper "access denied".
I don't think this will work. The thing behind CAPTCHAs is defeating bulk access by restricting access to people capable of working their way through something less-than-programmatic, like a distorted picture. The big thing the GOTCHA doesn't do, it seems, is CHECK the initial response against anything reasonable.
So if a machine encounters a GOTCHA for the first time, what's to stop it from putting down a bunch of gibberish like "correct horse battery staple" and simply remembering what it used for the next time it sees the blot (quite easy with the right technique)? Even if the system checks for grammar, you could easily construct a "mad lib" type of system ("I see <NOUN> with <NOUN> and <NOUN>).
This post has been deleted by its author
Indeed. Worse yet, I see mentions of "username" and "password" as the first thing there - what the...? The whole point of a Captcha is to "authenticate" an *unidentified* user as "at least not a computer" - registered / logged in users are never supposed to see Captchas...
That'd be lovely, plz to tell this to the cretins at yahoomail who seem to think that 25 addresses is "too many". Which wouldn't really be a problem if the darned thing actually worked, you know, let me send after typing the characters multiple times.
I think you've misunderstood what it's for. It seems to be a replacement for "think of a question you'd like to be asked when you want your password reset" - Mother's maiden name or similar. You supply your set of tags for the image when you generate your password, and they show you the same image again when you want to retrieve/reset your password. You have to come up with (some of?) the same tags.
So although it's something used at account generation, it's not used by the server to verify that whoever is registering is a person - I guess you'd still need a CAPTCHA for that.
I think you've misunderstood what it's for. It seems to be a replacement for "think of a question you'd like to be asked when you want your password reset"
The problem is that the article specifically says that the GOTCHAs are supposed to replace CAPTCHAs. But the technology, as described, seems incapable of doing so.
Given that they all have mirror symmetry about the vertical centre, as do humans and our faces, and since human eyes/brains are very good at finding and recognising faces; it's to be expected that people will 'see' clowns and other anthropomorphic things. Maybe a few butterfiles as well.
Ask humans to recognise shapes and I expect the top answers would still be butterfly, bird, vase, balloon etc.
I think a far better challenge would be something like e.g. - "do these in reverse order - click on the wet dog, click on the happy cat", "click on the shape under the red square and then the shape to the right of that". Use context, spatial arrangements, emotions etc, to produce a sentence that a human could follow but a computer would have great trouble with.
I still don't see how a computer couldn't figure it out. It's just a matter of two levels of pattern recognition, and since the CAPTCHAs normally have to be made by computer in order to get out the desired level of randomness, patterns WILL emerge that a computer can exploit.
"Do these in reverse order" - Should be easy enough for a computer to recognize the word "reverse". Even if you tried a scrambled-number order combined with reverse and the occasional, "DO NOT DO THIS STEP" at the end or directional cues like "under" or "to the right", a system with enough training should be able to pick out all these gotchas. Language isn't a big stumbling block anymore as this is the first step towards decent machine translation (while while not perfect is still improving considerably over some years ago). Same for the pictures. It shouldn't be too difficult to tag a certain image (even if rotated or flipped) with "wet dog" and "happy cat".
The flaws are so numerous!
Although I'd probably be happier if they had this on the Google account login page. Google's CAPTCHA is almost impossible to read. And it pops up after like the 3rd failed drunken login attempt. I even tried the audio version once and I wondered how the Google employees thought ANYONE could understand it.
CAPTCHA is OK I guess, just Google's implementation of it is ridiculous.
Actually, I also get Google pestering me for my mobile phone number occasionally, although I've also noticed that way down at the bottom of the page, in tiny type so they'll hope you miss it, is a link reading "no, thanks".
But, yeah, seriously, cold day in Hell.
All audio CAPTCHA I have encountered are terrible. I occasionally try the audio when a site uses a ridiculously scrambled CAPTCHA, and invariably the audio is unintelligible as well. So I end up or going elsewhere if there is an alternative, or refreshing the CAPTCHA until it finally throws up a readable one if it's a site I have to use.
"Of course, if a user failed the challenge, the system would merely generate a new password, as would be the case today."
That seems to imply that if you get it right then you can get into your account without a password reset, which suggests they will tell you your old password, which means the passwords are being stored in plaintext or using reversible encryption, in which case there are probably one or two other things they should be fixing before messing around with ink blots.