- Even with the captcha enabled I had spam comments from time to time
- I'm trying to think of something more annoying when you are trying to do something on-line than having to read something deliberately made unreadable
Basically in user interaction terms it is about as bad as you can get at making sure users have the worst possible experience. I have really good eyesight, and can read very well - but the captcha that Blogger uses can boggle me a lot of the time. Blurred house numbers and swirly letters which could be a U or IJ etc. Terrible!
So I decided that I would remove the hindrance from the blog. (If I failed, please let me know!)
For this blog it is not that much of a problem - it's not like my posts generate hundreds of comments, so if there is something there that I feel is wrong it gets removed with quite simple ease.
For other sites of course it is a different matter. Take a system that allows users to do something with their account when they have forgotten some account details - whether that is the username or password.
So, if you really do need a captcha how can you ensure that your users do not pay the penalty? After all should usability suffer just because you are looking for security?
My favourite option is this one - the honey pot captcha. Basically, you add a normal sounding field to the site "Address" or something similar. Then you hide it with CSS so users can't see it.
And in one swoop you have a field that Spam bots will want to fill, and humans will never even see! Then you check to see if the default value had changed when the form has posted and hey presto you can filter the comments that cannot have come from human users.
It's not perfect, and if someone really, really wants to spam your site they will be able to defeat it with some investigations. But them how secure do you really need? You can always make the name of the field random - that makes it harder to crack.
But the main thing is that your actual users are passing your test, and they don't even know that they are taking it!
I've seen comments that it won't stop human spammers, but then neither will a traditional captcha!
And if it's really that important you can always use learning software, ala Akismet. The software goes through the comments and, the same as the spam filter on your email account, mark all the spam comments so they don't appear.
There are a lot of options out there - there are even great CSS captchas that are perfectly readable to humans but unless you have a spam bot that renders a page with full CSS and interprets hundreds of DIV elements as a number then it stops bots. I'd love to put a link to one, we used it for a few years at work - but I can't find it any more...
So why does Blogger (Google) not do some research into something cool that people don't struggle with! The people they have working for them can surely come up with something much better!