Chapter 34. CrAP-TCHA and the Usability/Security Tradeoff
Over the past few years, most online signups have involved CAPTCHAs, perhaps the security technology with the worst acronym: Completely Automated Public Turing test to tell Computers and Humans Apart.
It’s understandable that Google might want to see if it’s a human signing up for that account or some automated program—bad guys would love to have lots of Gmail accounts to be able to send spam through.
Similarly, I can understand why ticket agencies like Ticketmaster might require you to confirm that you’re a human before every purchase. Who wants ticket scalpers writing programs to automate buying tickets (well, besides the ticket brokers)?
But come on, don’t these things make life horrible? I signed up for a Gmail account, which I use to look at my daughter’s blog and post comments. Every single time I want to post a comment, I click Submit, and I get a pop-up with a CAPTCHA, like the one shown in Figure 34-1.
Why the heck do I have to click two buttons (one to submit the comment and another to submit the word verification)??!! And it is a pain in the neck to type. I usually just don’t bother commenting on a blog if I have to see one of these (though I do make an exception for my daughter).
The idea behind a CAPTCHA in this situation is to prevent bad guys from spamming blog comments. But is that benefit ...