As I mention in, “Who is That on Your Website: Man or Machine,” a CAPTCHA is any automated process designed to differentiate between human and computerized posters.

CAPTCHA is especially useful for protecting your online forms, though it can also be helpful in keeping spammers from hijacking your blog, forum, or sign-up procedures.

Depending on your security needs, different kinds of CAPTCHA may be preferable.

Pre-built CAPTCHA

If there is a reason why someone would want to create multiple accounts on your page or frequently access some of your restricted information, you will want CAPTCHA which is harder to defeat.

There are a number of pre-built CAPTCHA suites designed for just such circumstances, and many have a multitude of designs so that you can find one that fits with your site’s overall motif.

However, precisely because each CAPTCHA suite of this sort is used to protect multiple websites, hackers will constantly look for ways to defeat them.

Before investing in a pre-built CAPTCHA, you should conduct a web search to confirm that it cannot yet be reliably bypassed.  You repeat this process every couple of months so long as you stay with the same test.

Custom CAPTCHA

Most spammers have no particular investment in your site.  That’s part of why we dislike them so much.  The same message that they send to you they also send to thousands of others without so much as glancing at any of the sites.

This means that if you protect your blogs, forums, and other feedback forms with a unique CAPTCHA, spammers will usually leave your site alone.  It doesn’t matter how simple it is to bypass your protection, the fact that the spammer would have to spend time doing so at all means that they won’t bother.

On the other hand, if you offer some sort of resource that a spammer could use (like free e-mail accounts, or the ability to re-route their signal through a different address), a simple CAPTCHA will be insufficient to secure your system.

More complex custom CAPTCHA systems can be programmed.  But the cost can add up fairly quickly, and you need to make sure that whomever writes the program is considering accessibility as well as security.

Re-CAPTCHA

Re-CAPTCHA is a special CAPTCHA process put together by the folks at Project Gutenberg (who are trying to digitize as many old texts as possible).

As part of their main mission, they use cutting edge text recognition software (OCR) to turn old books into text based computer files.  While this usually works without a hitch, every so often their computers will be unable to determine what a smudged or warped word should mean.

They pick out these “indecipherable” scans and send them on to Re-CAPTCHA.

This means that all the words that appear as part of a Re-CAPTCHA site protection system have already defeated the current generation of text recognition software.  However, just to be sure, Project Gutenberg adds additional warping to the words to make them harder for computers to recognize.

In addition, they make it point to mix words that have been successfully interpreted with those that have not yet been converted.  In this way they use people’s CAPTCHA answers to help them interpret words that their computers could not.

However, reCAPTCHA places it’s brand mark on all its interfaces, so it may not be the best design solution depending on your needs.

Cost, Threat, Security, and Design

When determining which sort of CAPTCHA is right for your sight you should determine what sort of individuals might threaten the site, what level of security is necessary to keep them at bay, and how expensive the possible solutions are.  Once you have determined that multiple solutions provide adequate protection, that’s when questions of design can be brought into play.

If you have any other questions about CAPTCHA, please ask them here.