1

I am trying to find an easier CAPTCHA to use with my website. I currently have reCAPTCHA but the users are struggling to get the words right the first time.

I have came across Confident CAPTCHA (here) and would like to know what you guys think about it.

  1. Has anyone used it before?
  2. How safe is it?
  3. Are there similar CAPTCHA's, excluding reCAPTCHA?
doubleDown
  • 8,048
  • 1
  • 32
  • 48
Captain0
  • 2,583
  • 2
  • 28
  • 44

2 Answers2

4

Interesting captcha, I have not seen this one before.

I will try to address your second question about How safe is it?. There are no docs available or sample code to check so the analysis is based on using it a few times.

It seems like it should be reasonably secure. I see that it uses a 3rd party service, so you will rely on API calls to generate the HTML markup and validate the captcha.

In their demo, you are required to choose 4 images out of a total of 9 which means the probability of guessing the correct value is about 0.000330688% (1/9 * 1/8 * 1/7 * 1/6).

It essentially works by creating an alpha captcha code based on the sequence of images you choose. So the server generates a random challenge (cat, vehicle, drink, house) and associates each element with a random letter from the range [A-Z].

Clicking the sequence of images creates a captcha code based on the letter assigned to each image (e.g. PKIR) if cat = P, vehicle = K, drink = I, house = R that gets placed in a hidden input and submitted with the form.

Therefore the only way to pass the captcha is to come up with a code that agrees with the sequence of images on the server side.

I would conclude it is relatively secure in that there is no way to defeat the captcha solely on the client side (see this question for example). Since there is no reason for them to ever present anything related to the solution to the client (browser); it would seem logical that the only way to get the correct captcha code is to select the correct images in the correct sequence.

Conclusion:

  • At first glance, the captcha seems secure (no easy bypasses).
  • This specific captcha may be more difficult to farm out to human solvers (a positive)
  • Depending on the number of objects and images in the database, it may be possible to generate a database of words to images.
  • One potential downfall to the captcha is that certain words may require a moderate level of understanding the English language; non-English speaking users may be completely cut off or at least have to put in additional effort to translate words to their native language.
  • You may want to do a usability check of this captcha on mobile devices (just a thought).

That's my 2 cents, I hope that helps you out.

Community
  • 1
  • 1
drew010
  • 68,777
  • 11
  • 134
  • 162
  • Thanks drew. It really helps. I think i am going to use this captcha. Luckily my taget audience will understand english quite well. Once again thanks for a brilliant answer. – Captain0 May 30 '12 at 05:07
0

I'm using it with ads and well, this is very secure.

About english language, the api support many languages and adapt the questions based on the browser language.

I have used GoogleTranslation to help people who have spoken language out of the ConfidentCaptcha reach.

No problem so far. They are very responsive, a very good support.

About mobile, if you don't use ads, you have a special mobile mode, which make it very easy and adapted to the tiny devices.

Alexander Vogt
  • 17,879
  • 13
  • 52
  • 68
Celogeek San
  • 129
  • 1
  • 2