I don’t like captchas and will never force them on my customers. With AI, captchas will become increasingly useless anyway. See also, John Mulaney: “I’ve devised a question no robot could ever answer…Which of these pictures does not have a stop sign in it?”

Paul Campbell

@manton — This might be of use as a secondary layer github.com/BaseSecrete/active_

Manton Reece

@paulca That looks good, thanks! I don't use Rails but maybe I can adapt the ideas.

Paul Campbell

@manton — Yeah, hash cash is conceptually extremely simple, and you have the ability to dynamically increase the difficulty in response to repeated failed attempts. Very clever.
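
An added example, not part of the thread and not code from the linked project: a minimal hashcash-style proof of work in Ruby, showing the difficulty rising with repeated failed attempts as described in the reply above. The constants, the function names and the 2-bits-per-failure schedule are assumptions made for illustration.

```ruby
require "digest"
require "openssl"
require "securerandom"

# Added example: hashcash-style proof of work for a signup form.
# Every name below (SECRET, BASE_BITS, issue, solve, verify, ...) is hypothetical.
SECRET    = SecureRandom.hex(32)  # server-side key; load a stable one in real use
BASE_BITS = 12                    # baseline cost: about 2**12 hashes per submission
MAX_BITS  = 20                    # cap so the cost for a real user stays bounded
MAX_AGE   = 300                   # seconds a challenge stays valid

# Difficulty rises by 2 bits (4x the work) per recent failed attempt from a client.
def bits_for(failed_attempts)
  [BASE_BITS + 2 * failed_attempts, MAX_BITS].min
end

def sign(payload)
  OpenSSL::HMAC.hexdigest("SHA256", SECRET, payload)
end

# Server: the challenge carries its own difficulty and timestamp, bound by an
# HMAC, so the client cannot lower the difficulty or extend the lifetime.
def issue(failed_attempts, now = Time.now.to_i)
  payload = "#{bits_for(failed_attempts)}:#{now}:#{SecureRandom.hex(8)}"
  "#{payload}:#{sign(payload)}"
end

def leading_zero_bits?(hex_digest, bits)
  hex_digest.to_i(16) < (1 << (256 - bits))
end

# Client: brute-force a nonce (in a browser this loop would run in JavaScript).
def solve(challenge)
  bits = challenge.split(":").first.to_i
  nonce = 0
  nonce += 1 until leading_zero_bits?(Digest::SHA256.hexdigest("#{challenge}:#{nonce}"), bits)
  nonce
end

# Server: a single hash verifies the work, after checking the challenge is ours,
# fresh, and not already redeemed. `spent` collects used salts (replay protection).
def verify(challenge, nonce, spent, now = Time.now.to_i)
  bits, issued, salt, mac = challenge.split(":")
  return false unless mac && OpenSSL.secure_compare(mac, sign("#{bits}:#{issued}:#{salt}"))
  return false if now - issued.to_i > MAX_AGE || spent.include?(salt)
  return false unless leading_zero_bits?(Digest::SHA256.hexdigest("#{challenge}:#{nonce}"), bits.to_i)
  spent << salt
  true
end
```

The asymmetry is the point: solving costs the client thousands of hashes at the baseline and four times more per failure, while verification costs the server one hash and one HMAC.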

Steve Sawczyn

Thank you for not embracing CAPTCHAs, they're an accessibility nightmare. Getting locked out of something or other because of an inaccessible CAPTCHA is sadly a frequent occurrence for me. CAPTCHAs suck the joy right out of an experience.

Jade van Dörsten

The tech to replace CAPTCHAs is already here with the Privacy Pass Protocol and, by extension, Private Access Tokens. Essentially, use device data points to build entropy that’s indicative of human behavior.

For reference:
- WWDC22: Replace CAPTCHAs with Private Access Tokens
- Cloudflare: Private Access Tokens: eliminating CAPTCHAs on iPhones and Macs with open standards

It seems only Apple and Cloudflare are pushing for these standards; more adoption is needed.

Manton Reece

@jade I completely forgot about that WWDC session! Thanks.

Manton Reece @manton