Home | Download | Purchase | Documentation | Contact Us | FAQ

FAQ

If the CAPTCHA images are static HTML (text), what prevents someone from capturing their patterns and building a database of images and their descriptors? Isn't this a weakness in the approach?
1. Not really. There is a property called ModifyPixels, that you may set to true, and if you do, HTMLCaptcha will make random, imperceptible changes to the pixels in the image. If you use this property, there is no guarantee that the image, although it looks static to a human, will match any certain pattern any time it is output.
2. HTMLCaptcha is a component, meaning that it was designed to build functionality into other programs. As such, it can be implemented in many different ways. For instance, the images output from HTMLCaptcha are static, but the color values can be manipulated by a simple search-and-replace or Regex -- so a programmer can randomly alter the images on the fly. Also, developers may choose to output two or more images in different positions on the screen, and use a logical phrase to indicate to the user which image the descriptor list will match (i.e. "Which descriptor in the list best matches the BOTTOM image?"). HTMLCaptcha is by no means limited to the simple example used in the Help file.

3. If you use HTMLCaptcha exactly the way the examples in help describe -- that is, output a single image to the screen and offer a single descriptor list -- someone could associate the image text with the appropriate descriptor, and build a database of the correct answers to circumvent your site. However, because the output is randomly selected there is no guarantee that you are not going to get the same image over again. You cannot expect to refresh a page with HTMLCaptcha on it and get a new image every time. There will generally be repeats.

Why not just use HTML to output random text and numbers, like all the other CAPTCHAs you see?
Converting an image to HTML is really just mapping each pixel in the rectangle to a corresponding <div> with the appropriate color. While this is a fairly new approach and would stop any current technologies that are expecting actual images, it won't be long before someone realizes that you can take the <div> statements and either process them like an image, or convert them to an image and apply OCR techniques to break them.

Also, the more difficult the skewed text is for a computer to read, the more difficult it is for a human to read. In talking with people about CAPTCHAs, I have often heard the statement, "Yeah, I have a hard time reading them sometimes." Pictures as CAPTCHAs provide an easier experience for the user, if done correctly and carefully.

Have a question not answered here? Check our mailing list, and ask there.