a secure CAPTCHA-free login design

I just found out a pretty neat trick from the Google Account login page

Google, clever fuck

Which immediately gave me an idea: CAPTCHA-free login

The idea is simple:

CAPTCHAs should be longer

CAPTCHAs should not be random characters, but a sentence of instructions

the instruction is like:

Bots are slow at correctly recognizing CAPTCHAs, let alone doing NLP well and carrying out the correct actions.

You can cleverly design the CAPTCHA image distortion to trap the OCR AI program into making predictable mistakes: a honeypot that collects evidence and patterns and actively bans bad clients.

In a secret underground forum, you can compile these instructions into a code. For example, i3a9 means "insert a 3 after the 9th character". Outsiders cannot enter even with the correct password.
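A server-side sketch of the instruction-code check described above, as an added example that is not code from the original post. The `i<char>a<position>` grammar generalizing `i3a9`, the minimum password length, the PBKDF2 settings and all function names are assumptions; the server undoes the instruction on the submitted string and compares the result against the stored salted hash.

```python
import hashlib, hmac, re, secrets

MIN_LEN = 10          # assumed password policy: every position 1..10 exists
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed setting)
ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyz"
CODE_RE = re.compile(r"i([0-9a-z])a([1-9][0-9]*)")  # assumed grammar for "i3a9"

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def new_challenge() -> str:
    """Fresh instruction code for one login attempt (assumed single-use)."""
    return f"i{secrets.choice(ALPHABET)}a{secrets.randbelow(MIN_LEN) + 1}"

def undo_instruction(code: str, submitted: str):
    """Strip the inserted character; None if the instruction was not followed."""
    m = CODE_RE.fullmatch(code)
    if m is None:
        raise ValueError("malformed instruction code")
    char, pos = m.group(1), int(m.group(2))
    # "after the pos-th character" puts the inserted char at 0-based index pos
    if len(submitted) <= pos or submitted[pos] != char:
        return None
    return submitted[:pos] + submitted[pos + 1:]

def verify_login(code: str, submitted: str, salt: bytes, stored: bytes) -> bool:
    candidate = undo_instruction(code, submitted)
    if candidate is None:
        return False  # plain password or wrong edit: rejected before hashing
    return hmac.compare_digest(hash_password(candidate, salt), stored)

if __name__ == "__main__":
    salt = b"constructed-salt"                       # constructed sample data
    stored = hash_password("correct horse 42", salt)
    print(verify_login("i3a9", "correct h3orse 42", salt, stored))  # True
    print(verify_login("i3a9", "correct horse 42", salt, stored))   # False
```

Because the server only holds a hash, it cannot apply the instruction to the password itself; it has to reverse the edit on the submission, which is why the chosen position must not exceed the minimum password length.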

This method also protects the user's password from eavesdropping and mass-target MITM attacks.
