<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
[{$pagename}] is really an [Abbreviation] for __C__ompletely __A__utomated __P__ublic __T__uring test to tell __C__omputers and __H__umans __A__part

[{$pagename}] is meant to thwart one specific category of [attacker]: automated dictionary/[Brute-Force] trial-and-error with no human operator. 

There is no doubt that this is a real threat, however there are ways of dealing with it seamlessly that don't require a [{$pagename}], specifically properly designed [Server-Side Login throttling schemes].

Know that [{$pagename}] implementations are not created alike; they often aren't human-solvable, most of them are actually ineffective against bots, all of them are ineffective against cheap third-world labor (according to [OWASP], the current sweatshop rate is $12 per 500 tests), and some implementations may be technically illegal in some countries (see [OWASP] Guide To Authentication). 

If you must use a [{$pagename}], use [Google]'s [reCAPTCHA], since it is OCR-hard by definition (since it uses already OCR-misclassified book scans) and tries very hard to be [user-friendly|User Experience].

[We|Contact Us] Personally, find [{$pagename}] annoying (__Poor__ [User Experience]), and use them only as a last resort when a user has failed to login a number of times and [Server-Side Login throttling schemes] are maxxed out. This will happen rarely enough to be acceptable, and it strengthens the system as a whole.

!! [Password Statistics]
Stanford University conducted an interesting study examining just how effective [{$pagename}] is at minimizing that [friction]. 

A few takeaways:
* 3 people looking at the same [{$pagename}] agreed on the reading only 71% of the time.
* Average time to solve a text-based [{$pagename}] was 9.8 seconds.
* 3 people listening to the same audio [{$pagename}] came up with the same value only 31.2% of the time.
* Average time to solve an audio [{$pagename}] was 28.4 seconds.
* Time to solve was even longer for Non-native English speakers

!! Using Secret Questions
__Do not  implement 'secret questions'__. The 'secret questions' feature is a security [anti-pattern]. 

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
</pre>