On 2020-08-27 13:15, Rich Kulawiec wrote:
- Captchas are a worst practice in security and should never be used. They can be and are defeated at will by any adversary who wants to trouble themselves to do so. They're also user-hostile. There are much better methods available for protecting Mailman instances from abusers.
I've said for some time that traditional captchas are by now almost a REVERSE test. Ability to solve them should be taken as stronger evidence that you are a bot than that you are a human, because bots are better at solving them than humans are.
Image-style captchas like reCaptcha are better, but they too have a shocking oversight: They do not scale well on increasingly-ubiquitous high-resolution displays. I'm currently using a 32" 4K monitor, and even after zooming the page as far as I can, I still sometimes have to resort to a magnifying glass to be certain whether I'm seeing a specified object somewhere in the background of one of the images.
-- Phil Stracchino Babylon Communications phils@caerllewys.net phil@co.ordinate.org Landline: +1.603.293.8485 Mobile: +1.603.998.6958