Friday, October 26th, 2007
Phil Haack has a new take on using a Honeypot technique for CAPTCHA.
Honeypot takes the opposite approach, and assumes that bots will fill out form field with names that it understands:
To exploit this, you can create a honeypot form field that should be left blank and then use CSS to hide it from human users, but not bots. When the form is submitted, you check to make sure the value of that form field is blank.
The problem is that if a certain reader doesn’t take the CSS into account then users will also start putting in data. Ah, the noble goal of invisible CAPTCHA. Would this work for you?
Posted by Dion Almaer at 7:52 am