CAPTCHA2

Patent Pending Technology!

Security!

Here are some details about the security features of the CAPTCHA2 system. (We don't believe in security by obscurity. Peer review is important.)

The Image

The placement of the clickable test bounding box is completely random within the image.

The display of the character to click on is always of a different font and opposite case from the character show in the clickable test box.

The background of the image is a gradient that changes direction, shape and color randomly. The shade of the background gradient always has areas darker and areas lighter than the shade of the test character.

The color, shade, alignment and font of the test character all change randomly.

Implementation

The coordinates of the test box are stored server-side only and not passed to the browser at any time.

Validation ID is random 32 character MD5 hash that is not sent to the browser until tests are successfully validated using AJAX.

Clicking on second correct test character automatically submits form to processing script. Steps are 1) Send validation ID to set hidden form field and 2) immediately submit form. The validation ID is good for only 10 seconds and is only good for one validation. The IDs cannot be reused.

IP address is blocked for 10 minutes upon 10 consecutive unsuccessful validation attempts.

IP address of the test must match IP address requesting validation on form processing script.