image verification when logging in - why?

Discussion in 'other software & services' started by sukarof, Jul 4, 2008.

Thread Status:
Not open for further replies.
  1. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    I have noticed that alot of sites have started to use image verification, you know where you have to read a picture with letters and/or numbers you have to enter besides your user id and password to log in.
    Can someone explain what it protects against? some real world scenario. I have heard something about that it protects against software that automatically logs in...
    Is that right? So if a malicious software logs in automatically on a site that doesnt have image verification, what do they do when they are in? (a forum for example) Do the result with image verification justify the inconvinience? (imo) or is image verification something site owners do just in case.

    Personally I find this very annoying and more often than not I just dont log in anymore. I use Roboform, not just because I wanted to use complicated passwords but also for the convenience it gives and these image verifications takes the latter away.
     
  2. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    That is pretty much my understanding. I call them "spam bots". There is probably a more technical\proper name. I have seen many a site over run by these. Useless nonsense posts at the very least. Links to sites with questionable intent, content and\or malicious code as well.
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    These are called captchas. The intent is to allow humans, but not programs, to do various activities. Programs can do some type of activities much faster than humans can. And programs are tireless and work for low (read: no) wages! For an example of why captchas are used, read this story.
     
  4. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Hasn't Captcha technology already been broken though? If so, I wonder why it is still bothered with? I noticed on Yahoo chat, no matter what, spam bots always made it in the rooms, Captcha or not.
     
  5. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,331
    Location:
    West Yorkshire, UK
    No Captcha has 100% being machine fooled yet.
    I think the sucess rate is something like 60% with the common ones, which is quite bad when you apply brute force that a machine is so easily capable of.

    More modern captchas a very hard to crack, recaptcha is a significant improvement - http://recaptcha.net/

    One issue is over accessibility, which I why we dont use them where I work.
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Yeah it's a back and forth issue between captcha makers and captcha breakers.
     
  7. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Thanks for your replies, and the link. I guess they want to protect them selves somehow. Hope they think it is worth it. Since it doesnt do anything for me (more than annoy me) I just stay out of those sites.
     
Loading...
Thread Status:
Not open for further replies.