Friday, 13 April 2007
Creating an accessible captcha is not an easy task: the very nature of the test creates accessibility problems, because it is difficult to tell machines and humans apart. I like difficult problems for which people have a hard time figuring out the right solution. What I tend to do when coding for something like this is to think of an extremely simple concept and keep the code as simple as possible, yet offer enough security for it to work correctly.
The Heyes method
My sample code creates a grid of 3 items with 3 checkboxes per item; this can obviously be increased in the code. The idea is that the “Heyes captcha” tells you which items to select. If you select the correct items then you pass as a human; otherwise it is assumed you are a robot. The Heyes captcha is recreated every time an invalid request is sent, therefore providing enough security against a brute force attack.
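The flow described above, as an added example that is not the post's own sample code: it assumes one expected checkbox per item, constructed item labels, and a dict-like server-side session. `GridCaptcha` and its method names are hypothetical.

```python
import secrets

ITEMS = ["apple", "car", "house"]  # constructed sample labels, not from the post
BOXES_PER_ITEM = 3                 # the post's grid: 3 items x 3 checkboxes


class GridCaptcha:
    """Hypothetical helper: one challenge per session, replaced after each attempt."""

    def __init__(self, session):
        # Any dict-like, per-visitor store that lives on the server.
        self.session = session

    def issue(self):
        """Create a fresh challenge and return the instructions to display."""
        # Assumption: exactly one checkbox (1..3) is expected per item.
        answer = [secrets.randbelow(BOXES_PER_ITEM) + 1 for _ in ITEMS]
        prompt = [f"Tick box {n} next to '{item}'" for item, n in zip(ITEMS, answer)]
        # The answer never leaves the server; only the prompt is rendered.
        self.session["captcha_answer"] = answer
        self.session["captcha_prompt"] = prompt
        return prompt

    def verify(self, ticked):
        """ticked: iterable of (item_index, box_number) pairs parsed from the form."""
        # pop() makes every challenge single use, whether it passes or fails.
        answer = self.session.pop("captcha_answer", None)
        self.session.pop("captcha_prompt", None)
        expected = set(enumerate(answer)) if answer else None
        # Exact set match: ticking every box, or one extra box, is a failure.
        ok = expected is not None and set(ticked) == expected
        if not ok:
            # Invalid request: recreate the captcha so the next guess
            # is made against a new random answer.
            self.issue()
        return ok


if __name__ == "__main__":
    store = {}
    captcha = GridCaptcha(store)
    print("\n".join(captcha.issue()))
    every_box = {(i, n) for i in range(len(ITEMS)) for n in range(1, BOXES_PER_ITEM + 1)}
    print("tick-everything accepted:", captcha.verify(every_box))
    print("new prompt after failure:", store["captcha_prompt"])
```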
- Added some new security features which prevent attacks described by Trev and kuza55. Unfortunately the captcha becomes slightly less accessible because of these new features.
- 20-04-2007 – Added two classes which extend the base class: one randomiser class which places the checkboxes in a random order and then uses absolute positioning to position the checkboxes. The other class will be a fully accessible one which will use random sentences (still under development).