[nycphp-talk] easily defeating captchas using automated image analysis
Ben Ramsey
ben at atlphp.org
Tue Nov 2 17:30:37 EST 2004
Allen Shaw wrote:
> > John wrote:
> > The point of a captcha was to get past that observation (if a system
> > built it, a system can beat it). The Captcha was to be a Turing
> > test.. something that only a human could solve.
> > ...
> > this is simply not a Turing test. What would it take to build a
> > massive Internet database of cursive words, collected continuously and
> > used for captchas? Universal pen input, probably. Until then, what do
> > we have?
>
>
> I've seen (or seen theorized) captchas that require a user to enter a
> keyword based on three or more different pictures -- for example, show
> the user a Frosted Flakes box cover, that famous Nike-branded golfer,
> and a Cincinnati Bengals logo, and most users (depending on the target
> audience) could get in by typing "tiger". One idea was also to say
> "three out of these 4 pictures" and then throw in a bogus picture of
> Bambi or the Eiffel Tower. I'm sure somebody could program linguistic and
> cultural knowledge like this, but that seems a lot more "human" than
> what these guys are able to do. ... Um, right?
Speaking of using different recognizable images to ensure that a human
is using the system, here's an interesting article about a system called
PassFace, where the user's "password" is a sequence of human faces
instead of insecure combinations of letters and numbers.
<http://www.businessweek.com/bwdaily/dnflash/may2001/nf20010515_060.htm>
There's a demo of the PassFace system here <http://www.realuser.com/>.
It's actually pretty neat. The beauty of it is that I can't give my
password to anyone since it's practically impossible for me to truly
describe each face to the degree that you can pick out my password.
Plus, it's hard for me to forget, too, since humans naturally recognize
faces.
--
Ben Ramsey
Atlanta PHP
http://atlphp.org
http://benramsey.com