Frequently Asked Questions
What is CAPTCHA
Problems with text based CAPTCHA
Benefits of VidoopCAPTCHA
Security
Configuration
Installation
What is CAPTCHA
Q: What does CAPTCHA stand for ?
A: Completely Automated Public Turing test to tell Computers and Humans Apart
Q: What problem is CAPTCHA designed to address?
A: CAPTCHA is a type of challenge test used to ensure that the response is human and not generated by a computer. This means CAPTCHAs should prevent automated software from performing actions which degrade the quality of service of a site. For example, CAPTCHAs are used stopping automated posting to blogs, forums and wikis.
Q: What does CAPTCHA commonly prevent?
A: Remember VidoopCAPTCHA is FREE, yet highly effective and can prevent the following:
- Comment SPAM
- Registration SPAM
- Scrapers from stealing e-mail addresses
- Securing Online Polls
- Contact SPAM
- Dictionary password search attacks
- Servers getting bogged down by SPAM and malicious scripts
- Search engine bots from accessing private web pages
Q: What is VidoopCAPTCHA?
A: VidoopCAPTCHA is a verification solution that uses images to distinguish a human from a computer program. By verifying that users are human, your site and your users are protected against malicious bot attacks that can degrade performance and require remediation time. VidoopCAPTCHA is easier on the user when compared to the more traditional text based CAPTCHA and best of all is FREE to the web site.
Problems with text based CAPTCHA
Q: Specifically, what problems exist with current text based CAPTCHA’s ?
A: There are several usability issues with text based CAPTCHAs. These issues are:
- Distortion: Confusing characters
- Content: Unfamiliar character sets used, string length, random string of letters, non predictability
- Presentation: Unfamiliar font type and size issues, image size, poor colors and web site integration
The result is that some images maybe too hard for some humans to read even groups who would not consider themselves as having sight issues. The CAPTCHAs have become ‘Human Proof’
For example these are from Microsoft’s Live.com signup page:
Q: How bad is the usability problem?
A: The problem is that making Captchas more difficult shuts out more and more legitimate users. As the hackers have become better, the CAPTCHAs have had to become more difficult. According to a report in VirtualBlight:
“Today, 20% of state-of-the-art Captchas are not solved correctly on the first try (and often, there’s no second try). At the same time, bots have evolved to the point that commercially available software can successfully defeat the most difficult Captcha 10-15% of the time.”
Benefits of VidoopCAPTCHA
Q: How is VidoopCAPTCHA different from other CAPTCHA solutions?
A: Most current CAPTCHA solutions rely on distorted text where it is difficult for computers to recognize the letters. Unfortunately for these solutions, advances in software research are making computers very good at recognizing nearly any letter that a human can. With a conventional text-based CAPTCHA, making it more difficult on computers makes it more difficult on humans as well. As hackers have gotten better, the CAPTCHAs served up to defeat them have got harder to the point where they have become ‘Human proof’.
Q: Why should I switch from traditional CAPTCHA to Vidoop’s alternative?
A: Vidoop’s method is effective at stopping spam but is MUCH easier for users to use which means no more frustration, no more defection. These are the main benefits:
| For web users |
|
| For website IT managers |
|
| For website marketing managers |
|
Security
Q: How does the security of VidoopCAPTCHA differ from other CAPTCHA solutions?
A: Unlike conventional text based CAPTCHAs, VidoopCAPTCHA is an IMAGE based CAPTCHA and relies on human ability to recognize then classify images into common categories such as “dog” or “airplane” or “castle”. While some software does exist that enables computers to analyze images, the software is always specialized for very particular recognition or identification tasks—that is, it’s nearly impossible today to implement a general image categorizer.
The inventors of the popular text-based CAPTCHA system, reCAPTCHA, claim that they beat a 1/10,000 guessing rate. As you can see from the charts below, even in the situation that hackers possess image recognition software that can identify the alphabetical letters present on a VidoopCAPTCHA image grid, VidoopCAPTCHA has several modes that beat a 1/10,000 guessing rate, in many cases by a significant margin. If they don’t possess image recognition software with those capabilities, VidoopCAPTCHA is even harder to crack. Note all examples below assume the user enters categories in a predefined sequence.
| 3 x 3 | 4 x 3 | 4 x 4 | 5 x 4 | 5 x 5 | |
| 3 categories | - | 1,320 | 3,360 | 6,840 | 13,800 |
| 4 categories | 3,024 | 11,880 | 43,680 | 116,280 | 303,600 |
| 5 categories | 15,120 | 95,040 | 524,160 | 1,860,480 | 6,375,600 |
Q: That’s a wide variation! Which of those is strong enough for me?
A: There are about three different situations you may find yourself needing CAPTCHA to address.
The first is that you’d simply like fewer fake sign-ups or fewer spam comments on your blog. In many cases, the current spam volume is very low, and you don’t want to hassle your legitimate users with any task that might frustrate their experience on your site. In this case you’ll see a sharp decrease in automated activity even if you implement one of the simplest options from the table above—for example, 4×3 using 3 categories.
The second situation is that you want to make life pretty tough on bots, but you don’t have any dedicated enemies or other reasons to go with an especially aggressive configuration. In those cases, you should see most of your spam go away if you use one of the 4 category solutions from the table above.
Finally, if you have dedicated attackers, possibly because there is commercial benefit from picking on you (such as the spam blocking immunity that an attacker gets by sending spam from a legitimate gmail account), you’re going to want to go with one of the particularly strong solutions from above. Unlike reCAPTCHA, whose maximum strength cannot be higher than the size of their dictionary of control words (which consists of approximately 100,000 words), you can see that by increasing the size of the grid of images or the number of categories a user is required to find, you can scale our security arbitrarily high without introducing the awful usability of the most complex forms of squiggly text.
Configuration
Q: So what do I need to consider in configuring VidoopCAPTCHA?
A: The site operator needs to determine the right tradeoff between user effort vs. spam blocking, and unlike other CAPTCHAs, VidoopCAPTCHA is highly configurable, meaning that the operator can determine and subsequently alter the following:
- Category number
- Number of grid squares
- Color
- Grid size
Installation
Q: How can I get it?
A: It’s Easy. VidoopCAPTCHA is a Web service. You just need to add some code on your site. We already have plugins available for WordPress, Ruby on Rails, and Drupal, and libraries for programming languages such as PHP, Python, and .NET. You can be up and running with VidoopCAPTCHA within 30 minutes.
Q: Can VidoopCAPTCHA be translated to other languages?
A: Yes. If set up by the web site administrator, VidoopCAPTCHA can give instructions and category names based on the user’s default language settings in their browser. Besides English, Japanese is currently supported. It’s easy to create additional translations for the language of your choice. If you have a translation recommendation, please edit a version of our API messages file and send it to api@vidoop.com for approval.
Q: What does VidoopCAPTCHA cost?
A: It’s totally FREE. Even better than this we allow the web site to display a branded image of their choice. This delivers real brand value on a habitual behavior – the users must actively seek out your brand.
Q: How is VidoopCAPTCHA Authentication available to blind users?
A: We hope to have this functionality available shortly.