I haven’t yet posted anything about my new job at Atlassian. Hopefully I will get around to it soon, but in the meantime, here’s a funny email thread amongst the Confluence developers that Charles also posted on the developer blog.
We recently upgraded the Atlassian intranet to a pre-release build of Confluence 2.2. In the spirit of eating our own dogfood, we turned on the new CAPTCHA support, even though it’s completely unnecessary on a private wiki. This led to the following internal email conversation:
Captcha on page create is INCREDIBLY ANNOYING. They’re very easily mis-interpreted. I am generally pretty good at this sort of thing, and I keep getting words wrong.
Looking at the ‘engines’ jcaptcha uses they are all pretty tough. Perhaps we need to find an easier one.
Wow. No kidding. Those are hard.
Generally, I vote for the ones that use real words instead of random-pseudo-word-like-things. The brain is pretty good a filling in the blanks to construct words — in fact, people often read just by recognizing the shape of a word. However, if you have a word-like shape that’s not actually a word all of that hard-wired, human-specific reading ability goes for naught.
Using real words means you can use an automated dictionary attack (or OCR combined with dictionary), thus rendering it useless.
Personally, I’m in favour of a variation on kitten-auth called ‘hoff-auth’. I’m sure Jens can provide us with enough pictures.
I second that suggestion! The customers will love it. 😉
I can see the caption now: “Click 3 pictures of the sexiest man alive to submit”
And all of the pictures which weren’t the Hoff would be Chuck Norris
That makes sense. Noone clicks on Chuck Norris and lives.
I’m sorry but nine pictures of the Hoff and Chuck Norris together would be too much Awesome for any application.
Update 18 Jan 2021: included and reformatted content from the Atlassian dev blog, which is now garbled and unreadable.