On 7/4/07, list. rb <list.rb / gmail.com> wrote:
> There's probably a reason why this isn't used, but, I couldn't help but ask.
>
> Instead of asking the user to 'Enter what you see', why don't the questions
> vary?

Okay (says I rubbing hands gleefully :).  I'm nitpicking and with all
of these you can simply say, well that person shouldn't be using a
computer/be on the internet/speak my language/etc.

> I.e.,
> - enter ONLY the letters [A-Z] you see
My grandfather, being the math guy he is, sees A minus Z with that and
would probably spend more than the allotted seconds trying to see
through that (of course, he could just wait for the next question)
> - enter every other character
Starting with the first?  In order?  The ascii characters or the
'realized' ones?  (I keep thinking of the little play of form and
contour in some art)
> - enter the text backwards
> - enter only numbers
Depending on context I and V and X could be numbers
> - enter the number of times 'A' has occurred
Right-side up or upside-down ... sideways?
> - enter the number of vowels
I can't remember if Y is a vowel ...
> - enter the RED letters only (assuming there was color in each character)
I'm color blind!

> My assumption is that this wouldn't be user friendly? --It would definitely
> add to the complexity of cracking I would think..

It's clear there will continue to exist a give and take with security
vs. usability.  We could make all of the captcha's riddles like Gollum
holding on to his precious ring :)  What keeps going on in my head is
what truly determines whether the 'thing' on the other line is a
machine or not.  I see suggestions to use things like tradition,
commonplace, language, acceptable behavior to decide that.  Hey, if
that works for your client base, go for it!

So far, I really like Ara's solution because of how simple (on the
outside) and relatively effective it is.

Todd