5

We've got plenty of argument that CAPTCHA can easily be beaten, and that they introduce usability problems to users. People say that because they can be broken, they shouldn't be used.

So if you've chosen to deploy CAPTCHAs on your forms, do you keep track of the number of users who fail (and who are therefore either robots or insufficiently advanced humans)? What rate of failures occur? Is the likelihood of failure high enough to justify the effort (and cost to legitimate users) of deploying the CAPTCHA?

Community
  • 1
  • 1
    I don't have any statistics so I'm not gonna answer. "Is the likelihood of failure high enough to justify the effort of deploying the CAPTCHA?" This really is a moot point though imo. Most web application frameworks have libraries that make adding captchas as simple as a one or two lines of code. It really is a matter of usability when it comes to deploying captchas. –  Jun 04 '13 at 16:25
  • @TerryChia in which case I've made it explicit that CAPTCHAs still have costs. –  Jun 04 '13 at 16:25
  • 2
    I just have this anecdote. About a month ago, Skrill (MoneyBookers) removed their CAPTCHA ([screenshot from the announcement email](http://i.stack.imgur.com/NPoHa.png)). After some discussion with a developer for a high value client that uses MoneyBookers' API, turns out that the main reason they removed is because the usability problem outweighed brute-forcing protection from CAPTCHA, so they implemented better rate-limiting. – Adi Jun 04 '13 at 16:50
  • 1
    Here are some numbers on the effect of CAPTCHA failed attempts on conversion rates with other stats: http://moz.com/blog/captchas-affect-on-conversion-rates And here are more numbers on the same matter http://www.90percentofeverything.com/2011/03/25/fk-captcha/ – Adi Jun 04 '13 at 16:59
  • 1
    Welcome back, Graham! Unfortunately, I see a few problems with this question. First, it's really three separate questions: "Do you track CAPTCHA failure rates?", "What are the CAPTCHA failure rates observed?", and "Is the failure rate reasonable?". The first and second are polling questions, which are against StackExchange policies. Even if objective sources could be found for this data, the statistics will vary across those sources and over time. The last question is one that is up to each admin and scenario - nobody here can give one answer that's usable to everyone. – Iszi Jun 04 '13 at 17:30
  • I think if you are asking the last question you may want to ask yourself what other tools are out there to prevent bots, which of these can work together, and would they inconvenience the user too much. Some alternatives include honeypots and [Asirra](http://research.microsoft.com/en-us/um/redmond/projects/asirra/) an image based captcha system by Microsoft. – Travis Pessetto Jun 04 '13 at 19:21
  • Hi @Graham, I think a better variation on your question - and one worth reopening - is *should* these stats be tracked, and how to respond to them. Or, what are the factors or trade-offs in the decision to implement craptcha or not. – AviD Jun 05 '13 at 17:41

0 Answers0