I'm working on setting up a CAPTCHA on a project, and just thought about the user experience of it. I personally find them tedious, especially if they're too difficult.
Even these are pretty easy compared to most you see now a days, but look at the mess!
I stumbled upon a question from 2010, and it had an interesting answer regarding human verification methods.
The most effective solution I've ever encountered for differentiating between robots and people is to be aware of whether or not they have spent money on the internet.
To use an email as a common account identifier for this example. If you know that email has ever purchased any item online, whether it be from you, a competitor, amazon or any digital marketplace, you can be 100% certain they are a human, and not a spam bot.
This works today, and will never stop working because the cost of purchasing an item will always exceed the value of the spam that can be posted afterwards, making spam no longer economically feasible.
This is not very doable for many people who don't operate in e-commerce or related industries, but in situations where you do have that data, you have a flawless way to identify if a person is human. No more prompting them with tricky questions.
Quoted from Can we do better than CAPTCHA?
Now, obviously this would be difficult to do without the other sites having a list of way to cross check e-mails and see if they've ever purchased anything. Then you also have the dilemma of what happens if they didn't purchase anything but they are really a human.
Is cross checking e-mails against sites that list spam bots effective? If you're not on there, no CAPTCHA, and if you are, then you get a very difficult CAPTCHA that you need to pass. This again though leads to problems where new spam bots come in and can go on your site since they're not yet blacklisted.
The short (tl;dr) version of my question: Is there a more user friendly way to check if a user is human?
Answer
CAPTCHA is an example of forcing a customer to deal with a business/technical problem - an exchange of great effort for little return on their behalf. "Are you human?" often accompanies these all too common patterns.
You can do better than CAPTCHA by not questioning your customers' humanity, and instead build honey-pots to catch the bots. Honey-pots are hidden fields buried within the form that bots will 'read'. For example, a hidden check-box or input which when selected or filled-out rejects the form submission.
There is a few other technicalities to consider - i.e. method of hiding fields, randomising field names, dealing with your captive bots etc. - but reading a few good articles on the design of the honey-pot can help, for example https://www.smartfile.com/blog/captchas-dont-work-how-to-trick-spam-bots-with-a-smarter-honey-pot/
No comments:
Post a Comment