This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] is really an [Abbreviation] for __C__ompletely __A__utomated __P__ublic __T__uring test to tell __C__omputers and __H__umans __A__part.
[{$pagename}] is meant to thwart one specific category of [attacker]: automated dictionary/[Brute-Force] trial-and-error with no human operator.
There is no doubt that this is a real threat; however, there are ways of dealing with it seamlessly that don't require a [{$pagename}], specifically properly designed [Server-Side Login throttling schemes].
Know that [{$pagename}] implementations are not created alike; they often aren't human-solvable, most of them are actually ineffective against bots, all of them are ineffective against cheap third-world labor (according to [OWASP], the current sweatshop rate is $12 per 500 tests), and some implementations may be technically illegal in some countries (see [OWASP] Guide To Authentication).
If you must use a [{$pagename}], use [Google]'s [reCAPTCHA], since it is OCR-hard by definition (it uses already OCR-misclassified book scans) and tries very hard to be [user-friendly|User Experience].
[We|Contact Us] personally find [{$pagename}] annoying (__Poor__ [User Experience]) and use them only as a last resort, when a user has failed to log in a number of times and [Server-Side Login throttling schemes] are maxed out. This will happen rarely enough to be acceptable, and it strengthens the system as a whole.
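
The policy described above (throttle first, show a [{$pagename}] only once throttling is maxed out) can be sketched as follows. This is an added example, not code from this wiki or from any product; the class name, the delay constants and the choice to key state by account are assumptions.

```python
import time

# Assumed policy values, for illustration only.
BASE_DELAY = 1.0     # seconds an account must wait after its first failure
MAX_DELAY = 64.0     # ceiling of the back-off schedule
CAPTCHA_AFTER = 3    # further failures tolerated once the ceiling is reached


class LoginThrottle:
    """Exponential back-off per account; CAPTCHA only once back-off is maxed out."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._state = {}  # account -> (consecutive failures, time of last failure)

    @staticmethod
    def _delay(failures):
        if failures <= 0:
            return 0.0
        # Cap the exponent so a very long failure run cannot overflow the float.
        return min(BASE_DELAY * 2 ** min(failures - 1, 32), MAX_DELAY)

    def check(self, account):
        """Return 'wait', 'captcha' or 'allow' for the next login attempt."""
        failures, last = self._state.get(account, (0, 0.0))
        if self._clock() - last < self._delay(failures):
            return "wait"      # reject without evaluating the password
        if self._delay(failures - CAPTCHA_AFTER) >= MAX_DELAY:
            return "captcha"   # delay was already at its ceiling CAPTCHA_AFTER failures ago
        return "allow"

    def record(self, account, success):
        """Update state after a password check that check() permitted."""
        if success:
            self._state.pop(account, None)   # a good login resets the schedule
        else:
            failures, _ = self._state.get(account, (0, 0.0))
            self._state[account] = (failures + 1, self._clock())
```

With these values a legitimate user who mistypes a password once waits one second and never sees a [{$pagename}]; only the tenth consecutive failure triggers one. Keying by account alone is a simplification, and a deployment would normally also track failures per source address.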
!! [Password Statistics]
Stanford University conducted an interesting study examining just how effective [{$pagename}] is at minimizing that [friction].
A few takeaways:
* 3 people looking at the same [{$pagename}] agreed on the reading only 71% of the time.
* Average time to solve a text-based [{$pagename}] was 9.8 seconds.
* 3 people listening to the same audio [{$pagename}] came up with the same value only 31.2% of the time.
* Average time to solve an audio [{$pagename}] was 28.4 seconds.
* Time to solve was even longer for non-native English speakers.
!! Using Secret Questions
__Do not implement 'secret questions'__. The 'secret questions' feature is a security [anti-pattern].
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]