We recently upgraded the Atlassian intranet to a pre-release build of Confluence 2.2. In the spirit of eating our own dogfood, we turned on the new CAPTCHA support, even though it’s completely unnecessary on a private wiki. This led to the following internal email conversation:
_Jonathan_
bq. Captcha on page create is INCREDIBLY ANNOYING. They’re very easily mis-interpreted. I am generally pretty good at this sort of thing, and I keep getting words wrong.


_Tom_
bq.. Hi, Jon.
Looking at the ‘engines’ jcaptcha uses they are all pretty tough. Perhaps we need to find an easier one.
p. _Jonathan_
bq.. Wow. No kidding. Those are hard.
Generally, I vote for the ones that use real words instead of random-pseudo-word-like-things. The brain is pretty good a filling in the blanks to construct words — in fact, people often read just by recognizing the shape of a word. However, if you have a word-like shape that’s not actually a word all of that hard-wired, human-specific reading ability goes for naught.
p. _Matt_
bq.. Using real words means you can use an automated dictionary attack (or OCR combined with dictionary), thus rendering it useless.
Personally, I’m in favour of a variation on kitten-auth called ‘hoff-auth’. I’m sure Jens can provide us with enough pictures.
p. (kitten-auth is a form of CAPTCHA that presents the user with nine photographs, and requires the user to click on the three that contain kittens. You can find a demo here.)
_Jeremy_
bq.. I second that suggestion! The customers will love it. 😉
I can see the caption now: “Click 3 pictures of the sexiest man alive to submit”
p. _Tom_
bq. And all of the pictures which weren’t the Hoff would be Chuck Norris
_Matt_
bq. That makes sense. Noone clicks on Chuck Norris and lives.
_Chris_
bq. I’m sorry but nine pictures of the Hoff and Chuck Norris together would be too much Awesome for any application.

An Insight Into the Confluence Development Process