We recently upgraded the Atlassian intranet to a pre-release build of Confluence 2.2. In the spirit of eating our own dogfood, we turned on the new CAPTCHA support, even though it’s completely unnecessary on a private wiki. This led to the following internal email conversation:
_Jonathan_
bq. Captcha on page create is INCREDIBLY ANNOYING. They’re very easily mis-interpreted. I am generally pretty good at this sort of thing, and I keep getting words wrong.


_Tom_
bq.. Hi, Jon.
Looking at the ‘engines’ jcaptcha uses they are all pretty tough. Perhaps we need to find an easier one.
p. _Jonathan_
bq.. Wow. No kidding. Those are hard.
Generally, I vote for the ones that use real words instead of random-pseudo-word-like-things. The brain is pretty good a filling in the blanks to construct words — in fact, people often read just by recognizing the shape of a word. However, if you have a word-like shape that’s not actually a word all of that hard-wired, human-specific reading ability goes for naught.
p. _Matt_
bq.. Using real words means you can use an automated dictionary attack (or OCR combined with dictionary), thus rendering it useless.
Personally, I’m in favour of a variation on kitten-auth called ‘hoff-auth’. I’m sure Jens can provide us with enough pictures.
p. (kitten-auth is a form of CAPTCHA that presents the user with nine photographs, and requires the user to click on the three that contain kittens. You can find a demo here.)
_Jeremy_
bq.. I second that suggestion! The customers will love it. 😉
I can see the caption now: “Click 3 pictures of the sexiest man alive to submit”
p. _Tom_
bq. And all of the pictures which weren’t the Hoff would be Chuck Norris
_Matt_
bq. That makes sense. Noone clicks on Chuck Norris and lives.
_Chris_
bq. I’m sorry but nine pictures of the Hoff and Chuck Norris together would be too much Awesome for any application.

Fresh ideas, announcements, and inspiration for your team, delivered weekly.

Subscribe now