CAPTCHA? GOTCHA, more like
I had a bit of a run-in with the owner of my hosting service last night regarding the password retrieval function on their forum.
The forum uses one of those image verification tests to distinguish real customers from automated attacks that fill in the form with random contents and hit submit repeatedly until they hit the jackpot. You know the kind of thing, there's an image of some garbled text and you have to type the words in the picture correctly. The one my hosts use is called ReCAPTCHA. I had the opportunity to use it for the first time last night.
Having tried and failed to log into the forum on the hosts' website, I assumed I had forgotten my password and tried to retrieve it. That's when the fun began.
Frustration turned rapidly to anger as repeated attempts at guessing the garbled words failed. One might assume the problem was that the words were too garbled, but actually they're pretty easy to read (with a few exceptions, which you can just pass on by requesting another).
No, the problem seems to be that ReCAPTCHA is a pile of poo. Check out the examples I saved and judge for yourself: am I blind and illiterate, or is ReCAPTCHA's verdict just plain wrong? These are not occasional failures either: when I was gathering these, six out of seven repeated tries failed. One did succeed -- perhaps that's considered enough.
Better yet, have a go yourself. The site to go to is this one. That's the lost password retrieval page. There are two boxes: in the first, enter any old email address (preferably make one up). In the second, guess the words in the picture. Hit the big button below that, and tensely await the result.
If it says "You have not entered an email address that we recognize" then we got the words correct (yay!), and it's gone on to bitch about the fake email address. But if it says "The string you entered for the image verification did not match what was displayed" then we can only assume that we guessed wrong, hit back, and try again.
Hell, try a few times. If you're like me, sometimes you'll be lucky and ReCAPTCHA will turn a blind eye to your errant ways. It seems to go through patches of good will. But then its mood will change -- like that -- and it won't let anything past it. Let me know how it goes.
Oh and if you fancy trying your hand at a real challenge, try the audio version. Click on the little red speaker next to the box. You'll need sound. Go on, give it a try.
Steve on 04 Feb 2010
Also: how about a feed for the comments?
:]
Ash on 04 Feb 2010
I also hit on the caching theory, but in testing here at work with a mate we seemed to disprove it. But testing again now, I think you're right: I can't get it to fail now if I religiously hit refresh every time. The page could helpfully point out that you need to hit refresh. At least that mystery is resolved. Cheers!
Yes, feeds for comments, or perhaps more simply just a way to be alerted by email when someone replies to your comment.
Steve on 04 Feb 2010
Re wee ReCAPTCHA (um...): it's definitely an odd fish. One with knees.
Re commentadores: RSS FTW, BBQ. But a little checkbox "Updates by email" thingy would be nice also.
Ash on 04 Feb 2010
It's a good thing I tagged this entry with 'geek' as well as the traditional 'rant'
Steve on 04 Feb 2010
Not to quell your rant, or protect your hosts, or recappoo (although I was thinking of using it for a project I'm working on) but it seems like a problem with implementation rather than the system.
I think it's doing something odd with caching maybe.
I did ten in a row on http://recaptcha.net/learnmore.html without hitting a bad one.
Fake email addy, get words right, get "You have not entered an email address that we recognize."
Back button, try again, get "The string you entered for the image verification did not match what was displayed."
However.
Refresh lostpw page, try again, get "You have not entered an email address that we recognize." again.
IYSWIM.
Was it appropriate that the first two words that came up for me were durable and desperate? :)
I don't really like image wotsits like this, though. Pain in the butt.
Let me log in and register or do a one time link follow thing like certain ( rant filled ;-] ) web log.
Anyways, just my 2 neutrinos.
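The back-button behaviour worked out in the comments above is what a single-use challenge produces. The sketch below is an added example, not code from this site, ReCAPTCHA or the hosting company; it assumes the service consumes each challenge on its first verification attempt, and `ChallengeStore`, `render_form`, `submit` and the sample words and address are constructed for illustration.

```python
import secrets

MSG_BAD_CAPTCHA = ("The string you entered for the image verification "
                   "did not match what was displayed.")
MSG_BAD_EMAIL = "You have not entered an email address that we recognize."


class ChallengeStore:
    """Toy stand-in for a CAPTCHA service that issues single-use challenges."""

    def __init__(self):
        self._pending = {}  # challenge id -> expected answer

    def issue(self, answer):
        cid = secrets.token_hex(8)
        self._pending[cid] = answer
        return cid

    def verify(self, cid, response):
        # pop() consumes the challenge on the first attempt, right or wrong,
        # so a second submission with the same id can never succeed.
        expected = self._pending.pop(cid, None)
        return expected is not None and secrets.compare_digest(expected, response)


def render_form(store, answer):
    """Server renders the lost-password page with a fresh challenge id."""
    # Defensive header: ask the browser not to keep a copy of the form, so
    # going back fetches a new challenge instead of showing a spent one.
    return {"challenge": store.issue(answer),
            "headers": {"Cache-Control": "no-store"}}


def submit(store, page, typed_words, email, known_emails=()):
    if not store.verify(page["challenge"], typed_words):
        return MSG_BAD_CAPTCHA
    if email not in known_emails:
        return MSG_BAD_EMAIL
    return "Password reset email sent."


def replay_sequence():
    store = ChallengeStore()
    words, email = "durable desperate", "fake@example.invalid"
    page = render_form(store, words)
    first = submit(store, page, words, email)    # fresh page
    second = submit(store, page, words, email)   # back button: cached page, spent id
    page = render_form(store, words)             # refresh: new challenge issued
    third = submit(store, page, words, email)
    return first, second, third
```
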