this post was submitted on 23 Nov 2024

Blind Main


The main community at rblind.com, for discussion of all things blindness.

You can find the rules for this community, and all other communities we run, here: https://ourblind.com/comunity-guidelines/ Lemmy specifics: By participating on the rblind.com Lemmy server, you are able to participate on other communities not run, controlled, or hosted by us. When doing so, you are expected to abide by all of the rules of those communities, in addition to also following the rules linked above. Should the rules of another community conflict with our rules, so long as you are participating from the rblind.com website, our rules take priority. Should we receive complaints from other instances or communities that you are repeatedly, knowingly, and maliciously breaking their rules, we may take moderator action against you, even if your posts comply with all of the rblind.com rules linked above.

[–] fastfinge@rblind.com 7 points 3 weeks ago (1 children)

Proof of work is pretty good. Also, email and phone number verification can reduce the need for this type of verification at all. Similarly, punting the problem to someone else and allowing login via Apple/Facebook/other OpenID provider can help. Apple also has a system for verifying that a request comes from a real Apple device that services like Cloudflare use. But if you have to do it yourself, the key is offering a visual captcha, an audio captcha, and a text-based captcha. Also, try to maintain a trust score for both accounts and IP addresses. Captchas have to be made so difficult today to keep out the bots that you need to make sure your users only have to solve them once. As well, if I know the captcha will only happen once, while it’s not ideal, I could request help with it. But if the captcha is on every login, or once a day or whatever, I can’t. Between proof of work, rate limiting, email verification, and trust scores, 99 percent of captchas aren’t needed and aren’t doing anything. So the first step is understanding the problem you’re trying to solve, and determining if a captcha is the best way to solve it at all. It probably isn’t.
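
A sketch of the proof-of-work plus trust-score approach described in the comment above, as an added example that is not part of the original comment or of any project's code: the server issues an HMAC-signed challenge whose difficulty depends on a trust score, the client's software solves it with no human puzzle, and the server verifies the answer statelessly. The function names, the 0-100 trust scale, the difficulty mapping and the client ids are assumptions made for illustration.

```python
import hashlib, hmac, os, time

SERVER_KEY = os.urandom(32)   # assumption: per-deployment secret, never sent to clients
CHALLENGE_TTL = 120           # seconds a challenge stays valid

def difficulty_for(trust: int) -> int:
    """Hypothetical policy: trust 0-100 -> required leading zero bits."""
    if trust >= 80:
        return 0              # established account/IP: no challenge work at all
    return 12 + (80 - trust) // 10   # 12 bits (trust 79) up to 20 bits (trust 0)

def _tag(body: str) -> str:
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_challenge(client_id: str, trust: int, now=None) -> str:
    now = int(time.time() if now is None else now)
    body = f"{client_id}|{difficulty_for(trust)}|{now + CHALLENGE_TTL}|{os.urandom(8).hex()}"
    return f"{body}|{_tag(body)}"     # signed, so the server stores nothing

def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def _work(challenge: str, nonce: int) -> int:
    return leading_zero_bits(hashlib.sha256(f"{challenge}|{nonce}".encode()).digest())

def solve(challenge: str) -> int:
    """Client side: runs in the background, accessible to every user."""
    bits, nonce = int(challenge.split("|")[1]), 0
    while _work(challenge, nonce) < bits:
        nonce += 1
    return nonce

def verify(challenge: str, nonce: int, client_id: str, now=None) -> bool:
    now = int(time.time() if now is None else now)
    try:
        cid, bits, expires, salt, tag = challenge.split("|")
        bits, expires = int(bits), int(expires)
    except ValueError:
        return False          # malformed, or a field contained the separator
    if not hmac.compare_digest(_tag(f"{cid}|{bits}|{expires}|{salt}"), tag):
        return False          # difficulty, expiry or owner was tampered with
    if cid != client_id or now > expires:
        return False          # bound to one client and a short time window
    return _work(challenge, nonce) >= bits

if __name__ == "__main__":
    ch = issue_challenge("acct:alice", trust=50)   # constructed sample client
    print(verify(ch, solve(ch), "acct:alice"))
```

A real deployment would also remember spent salts until they expire, so that one solved challenge cannot be replayed within its validity window.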

[–] CameronDev@programming.dev 4 points 3 weeks ago

Thanks for that info. Fortunately, I probably won't ever need to implement any form of anti-bot myself, but still good to know what works well.

Captchas are definitely getting very hard, even for non-blind users. Getting "Click on all the bicycles" and missing the 5-pixel-tall bike and having to restart is very frustrating.