需要易于使用但安全的验证码的建议/想法 [英] Need suggestions/ideas for easy-to-use but secure captchas
问题描述
首先,我非常了解与验证码相关的安全性/可用性折衷,因此不需要任何解释。
我知道 reCAPTCHA 是验证码技术的最新技术,但由于用户难以阅读失真的单词,我们只是不想在我们的网站上使用它。我们的网站是为学生提供在线实时课程的学习门户,因此用户将是学生(证书级别)和教师。
我一直在寻找不同的想法,并发现了一些好主意,例如:-
-
芝麻街解决方案,如 http://www.usereffect.com/topic/2009-07-13-captcha-is-there-a-better-way 。 -
问一些对人类来说很容易的问题,例如哪个口味更好。但是为了安全起见,我需要存储多少个此类问题?
我问这个问题的目的是获得尽可能多的想法。我认为在最终确定之前,我仍然可以分析很多用户友好但安全的方法。
请参考以下内容,重点介绍您建议的方法的优缺点垃圾邮件机器人的工作方式。我不太了解他们的许多优点和缺点。
谢谢
Sandeepan
阅读扭曲的单词是一回事,但也要求合法用户输入类似的东西可能会很烦人。因此,不要用反垃圾邮件措施给用户增加负担很重要。
Damien Katz使用了负面验证码以阻止垃圾邮件机器人。此技术也称为蜜罐字段,易于实现,不需要用户执行任何操作。
更复杂的蜜罐实现是描述的://nedbatchelder.com/text/stopbots.html rel = nofollow noreferrer>。它涉及随机字段名称和散列值,以确保漫游器不会篡改表单。
在他的文章中,他指出了以下内容:
垃圾邮件制造者不会制造可以发布到任何形式的软件,而是制造可以发布到许多形式的软件。
因此,仅需简单的技巧即可将大多数垃圾邮件机器人混淆。
关于芝麻街解决方案,提出简单的问题或选择列表中正确的动物:垃圾邮件机器人很难回答这些问题,但用户也可能很难回答。特别是如果您的网站吸引了国际观众,则使用英语以外的第一语言的人可能很难理解这些问题。对您的听众来说,这可能不是问题,但要记住这一点。
To start with, I am well aware of the security/usability trade-off associated with captchas and do not need any explanation on that.
I know that reCAPTCHA is the state-of-the-art in captcha technology but we just do not want to use it for our site because of the difficulty faced by users to read distorted words. Our site is a study portal for students offering live online classes, so the users will be students (leaving certificate level) and teachers.
I have been searching for different ideas and found some good ones like:-
The Sesame Street Solutionas given in http://www.usereffect.com/topic/2009-07-13-captcha-is-there-a-better-way.Asking questions which are very easy for humans like "which one tastes better or ". But how many such questions do I need to store to be safe?
My purpose of asking this question is to get as many ideas as possible. I think there are still a lot of user-friendly but secure ways I could analyse before finalizing.
Please highlight the pros and cons of the method you suggest with reference to the way spam bots work. I am not much aware of many of their strengths and weaknesses.
Thanks,
Sandeepan
Reading distorted words is one thing, but also asking legit users to enter things like this can get quite annoying. So it's important you don't burden the user with anti-spam measures.
Damien Katz has used a negative captcha to stop spam bots. This technique, also called honeypot field, is easy to implement and doesn't require the user to do anything.
A more complex honeypot implementation is described by Ned Batchelder. It involves randomized field names and hashed values to make sure bots haven't tampered with the form.
In his article he states the following:
Spammers don't make software that can post to any form, they make software that can post to many forms.
So it only takes a simple trick to confuse the majority of spam bots. A little bit more magic will take care of the remaining bots.
Regarding the Sesame Street solution, asking simple question or selecting the correct animal from a list: these are questions that are hard for spam bots to answer, but they can be difficult for users as well. Especially if your site has an international audience, people with a first language other than English may have trouble understanding the questions. It may not be an issue with your student audience, but it is something to keep in mind.
这篇关于需要易于使用但安全的验证码的建议/想法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
