Captcha passwords and clumsy ways – the bot malice


Captcha is appearing everywhere!

Over the past couple of years, Captcha has appeared in so many “forms”, and in web forms everywhere. Google, in an effort to step up automated bot detection while also addressing its usability, came up with the reCAPTCHA initiative.

To serve their own purposes (at the expense of designing for the user), technical people have invented so-called “innovative” solutions to issues like security and automated bots by introducing the traditional captcha challenge.

Google’s reCAPTCHA

Users’ privacy concerns aside, Google claims that by tracking users’ mouse movements, in addition to other variables that it won’t reveal, it can tell the difference between humans and bots with just the click of a checkbox. If this is insufficient, it then challenges users with images containing text, or with an image grid in which users identify the images that match a given word.


An interesting aside is that Google is tapping the power of the masses who face this bot challenge, taking all of these user selections as valuable data for its own machine learning purposes. Google does have a trick up its sleeve! I personally thought that it’s pretty scheming, yet at the same time a really great idea.

Usernames and Passwords are so dated

But what about login forms? Don’t usernames and passwords feel so dated? Are we still stuck with such primitive levels of authentication? It’s still the days of locks and keys, if we take a cue from the analog world. Could there be a better identification and authentication method?

There are existing third-party logins, like the Facebook and Google instant login interfaces. But what if we considered gestures/patterns for mobile web login as well? It’s akin to bringing the smartphone’s screen lock pattern to the web experience. My personal opinion is that it’s pretty sweet in terms of usability on mobile. The main caveat, however, is the number of possible “password” combinations, which depends on the complexity of the pattern. Maybe we could move on to doodles or “signatures”, which are more heuristic in nature.

pattern lock

You can try implementing your own with 9 dot pattern lock, a JavaScript library by Steffest. I tried the demo; it’s quite cool.
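To put numbers on the caveat about how many pattern “passwords” are possible, here is an added example (not from the original post or from Steffest’s library) that enumerates every valid pattern on a 3×3 grid. It assumes Android-style rules: no dot is reused, a stroke cannot jump over an unused dot, and a pattern needs at least four dots; all function names are illustrative.

```javascript
// Added example: size of the 3x3 pattern-lock keyspace.
// Assumed rules (Android-style lock screen; not taken from the library above):
//   1. each dot is used at most once
//   2. a stroke may not jump over an unvisited dot lying midway between two dots
//   3. a pattern must contain at least `minDots` dots
const SIZE = 3;
const DOTS = SIZE * SIZE;

// Index of the dot exactly midway between dots a and b, or -1 if there is none.
function midpoint(a, b) {
  const rowSum = Math.floor(a / SIZE) + Math.floor(b / SIZE);
  const colSum = (a % SIZE) + (b % SIZE);
  if (rowSum % 2 !== 0 || colSum % 2 !== 0) return -1;
  return (rowSum / 2) * SIZE + colSum / 2;
}

// counts[n] = number of valid patterns that use exactly n dots.
function countByLength() {
  const counts = new Array(DOTS + 1).fill(0);
  const visited = new Array(DOTS).fill(false);
  function walk(dot, length) {
    visited[dot] = true;
    counts[length] += 1;
    for (let next = 0; next < DOTS; next++) {
      if (visited[next]) continue;
      const mid = midpoint(dot, next);
      if (mid !== -1 && !visited[mid]) continue; // rule 2
      walk(next, length + 1);
    }
    visited[dot] = false; // backtrack
  }
  for (let start = 0; start < DOTS; start++) walk(start, 1);
  return counts;
}

// Total number of valid patterns with at least minDots dots.
function keyspace(minDots) {
  return countByLength().slice(minDots).reduce((sum, n) => sum + n, 0);
}

// Upper bound on entropy: assumes every pattern is equally likely to be chosen.
function entropyBits(n) {
  return Math.log2(n);
}

const patterns = keyspace(4);
console.log(`patterns (>= 4 dots): ${patterns}, ${entropyBits(patterns).toFixed(2)} bits`);
console.log(`6-digit PIN: 1000000, ${entropyBits(1e6).toFixed(2)} bits`);
```

Under these assumptions the grid yields 389,112 patterns, which is fewer than the 1,000,000 values of a six-digit PIN.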

Other authentication methods?

Otherwise, Apple’s iPhone did try to improve upon the gesture/pattern login system by coming up with the fingerprint authentication method. It is indeed a step forward for touch phones. But what about devices without touch sensors? Unless all devices start coming with touch-enabled screens, like the newer laptops of 2016, there will be limitations. And not forgetting, what about the ergonomic considerations? (According to )

What next?

For devices without a touch screen, we are still restricted in terms of authentication methods. Gesture-type interfaces, i.e. free-form types of authentication like doodles and signatures, are out. One commonality of all devices, however, is that they are fundamentally limited by the input interface, or human-machine interface, whether it’s the keyboard and mouse on traditional computers or the touch screen on smartphones. Touch and gestures have already come pretty close to the “native” or natural human experience of interacting with the world. Whether we can come up with something further that enhances our interaction and allows for even better authentication methods remains an interesting development for us all to envision. 3D interactive surfaces, anyone?


If you have any exciting experiences, or opinions to share, do post them below!
