validation code : Java Glossary

Introduction

aka security code. 58% of Internet traffic is generated by bots. Most of the time there is no need to block them. Sometimes there is. A validation code is a combination vision test, typing test and ESP (Extra Sensory Perception) test you must take to prove yourself worthy of using some program, signing up for a forum, submitting a PAD (Portable Application Description), sending an EMAIL, or even getting on a junk mail list. The idea is it proves you are a real human, not some malicious automaton. You have to type the deliberately distorted letters and numbers you see such as:

Is that first one v911 or v9ll? or V911? Is the second 9EC15K or 9ECLSY?

A variant asks you a multiple choice question to identify a picture. This is less stressful than a typing test.

The catch is you can’t tell o from O from 0 in isolation, or i from l from |, etc. I have complained to the creators of these torments and they ignore me. You have a similar but not so serious problem keying serial numbers and Windows activation codes. Any time you want people to key random gibberish, e.g. serial numbers, activation keys and validation codes, the number should not use the characters 0 o O 1 l. Alternatively, you can use the ambiguous letters but treat all similar-looking letters as equivalent. This does not reduce the psychological stress on the person typing however.

Under The Hood

They work by the interaction of three parts:

1. Embedded HTML (Hypertext Markup Language) markup in your webpages.
2. Captcha library code in your application server, most commonly written in PHP (Pre-Hypertext Processor).
3. A Captcha server to generate images and check results.

Though not part of the validation code, sometimes the box you are supposed to type into is almost invisible like this:

Here is an alternate form of validation code that does not require ESP to solve:

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart)

You will see the technique used on Blogger. Unfortunately, the creators of these tests usually require you to distinguish 1 from l and 0 from O from o without any meaningful contexts. So they waste the user’s time with ambiguous images.

Captchas often contain punctuation or what might be punctuation. They don’t tell you if you are supposed to type it. I think you are not supposed to.

Captchas are getting harder and harder to guess every month. It took me 40 tries to get one right the other day. This is ridiculous. Captchas are like pointing a shotgun at your customers and saying Get the hell out of here! We don’t like incompetent people like you.

They require supernormal vision to decipher. They are a slap in the face to anyone over 30.

The bottom line is it usually takes me 5+ tries to get one to work. Each time the server typically erases part of my form and I have to rekey it. Each time I am convinced I have it correct. It is a great way to infuriate your customers. If you have to back up and resubmit a page, Captcha will sometimes rudely and falsely accuse you of fraud. Captchas are simply unacceptably rude. A Captcha is like placing dog poo on your welcome mat.

Friendly Captcha

I have seen a new kind of Captcha. It shows a small box. Beside it are the words I am not a robot.. You click the box, and that’s it. It somehow determines from that if you are a human or a bot. I have no idea how it works.

It is called ReCaptcha by Google.

How To Cheat on Captcha

Use a Captcha-cracking service:

• ACB Pro
• Pure Mango low tech cracking technique

Recaptcha

I intended, through obscene repetition, to make it clear I would not shed a tear if terrorists blew up the Captcha building. We users should boycott sites with outrageously difficult Captchas, especially ones that erase your keying on every attempt and let them know why.