Editorials

Are You Human?

Does your public-facing web site validate that a connected client is a person and not an automated bot? Usually you see a web site confirming that the connection on the other end is a user when credentials are being provided, such as when setting a password or creating a user profile.

One of the things I have found interesting in recent months is the emergence of the Google reCaptcha bot/human detection tool. I’m sure you’ve probably used it. I’m sure, if you’re like me, you’ve been frustrated with it more than once. “I CLICKED THE RIGHT PICTURES…WHY ARE YOU PROMPTING ME AGAIN!!!”

However, this is a giant leap over the predecessor tools, which would ask you to key in a series of letters, numbers or a combination. You had to type it in to match exactly, but the text in the image was distorted to make it difficult for bots to answer. It actually had the reverse effect. Bots eventually became more proficient than people. With distortion it is even harder to tell if a character is upper or lower case.

So, we moved to pictures that can change frequently. Things that a human can recognize more easily than a bot. I’m sure you could write a bot to determine images as well, but it would probably take a computer grid to calculate a single answer in a reasonable time.

Well, I have recently completed my first application using reCaptcha, and I have to say that the experience was quite pleasing. It is easy to implement, and you don’t have to come up with all the code to make it work. So, if you have a public-facing application and want to validate that the connection on the other end is not a bot, reCaptcha is a pretty good tool for now. We’ll see how long it stands up to the ever-vigilant hacker.

Cheers,

Ben