Lately I’ve been coming across captcha that are impossible to solve. That is, assuming perfect eyesight, the letters are just too obscured to be recognisable. After a few refreshes you find a solvable one, but then you ask yourself if what you are trying to access was worth the hassle.
If this level of unreadability is currently required to keep out the bots, then surely the captcha is at the end of its life?
I feel intuitively that there should be a process that doesn't rely on images, and can be "done" by an algorithm, but only "undone" by a human. For accessibility it would have to be some sort of word puzzle, but I can't think of one that fits the requirement of being completely automatically generated.
I understand that sites face different levels of threats, ranging from opportunistic to focused attacks, but as an anti-bot technique, is the captcha eventually going to go the way of the blink tag?
I find a short easy to read captcha in a clear font does wonders for comment spam. In fact it was 100% effective. The again my blog is never going to be a top target for spammers. It's all about choosing the right tool for the situation.
Captcha probably have the worst impact on accessibility, and yet seem to be the first anti-spam device deployed.
I think there are better techniques to stop the opportunistic naive bots, and against determined spammers they are worthless anyway.
For example, have you tried a blank hidden form field, or a tick box with the label "Are you human?". These will probably be just as effective in the case of your blog.
Richard, regarding your word puzzle; The captcha necessarily needs to have a lot of possible states. You could conceptualize a captcha as a single use password, and just like a password it is better to have a random string rather than a dictionary word. Puzzles such as pick the odd-one-out have two problems. The first is that they can't be fully automatically generated, and secondly they have a limited number of states so a bot can just guess the right answer.
In the end, a determined bot writer can post to any reasonably human accessible web-form, so it's best to clobber them after the event using moderation. At least that is the route I’m pursuing on this site. A simple to use moderation system that everyone can enjoy using, should keep the incentive to spam fairly low.