: Is a CAPTCHA more effective than an open ended question such as a math question? Large company websites often use CAPTCHA to prevent spam. Why are they still using CAPTCHA if security has

@Angela700

The nice thing with captcha is that the expected answer is a randomly displayed answer inside an image. This is golden because the hacker wouldn't figure out the value since upon a simple page reload, the expected answer is (or at least should be) different.

If you use a question and answer format, then it might be easier for a hacker to guess because the amount of randomness available is less than requiring a set of random characters as an answer.

If a question and answer format must be used, then at least be strict with the answer. For example, the letters must be all lower case with no spaces between, etc.

So my answer is stick with CAPTCHA.

The higher number of characters that are required to be typed in to allow the function to continue (such as submitting a post, etc), the lower chance a hacker will be able to crack the code, however, if the number of characters is too much, you might have some frustrated users.

This is roughly how the strength works mathematically:

Each character entered is treated as an ascii code. In the worst-case scenario, the codes range from zero (for null character) to character code 255.

Then do 256 to the exponent of the number of characters in the correct code.

So if the correct captcha code expects to be of 4 characters, then the unluckiest hacker would probably need to go through roughly 4,294,967,296 different values to get the code right. The actual numbers would be different depending on how frequently the correct answer is changed.

Vote Up Vote Down

@Goswami781

It is relative. There are weak and strong captchas and weak and strong questions.

I doubt that generically either is more effective as they are the same thing, attempting to create a puzzle that a bot can't solve but a human can.

Vote Up Vote Down