On 07/11/14 02:52, Jon Harald Søby wrote:
The main concern is obviously that it is really hard
to read, but there are
also some other issues, namely that all the fields in the user registration
form (except for the username) are wiped if you enter the CAPTCHA
incorrectly. So when you make a mistake, not only do you have to re-type a
whole new CAPTCHA (where you may make another mistake), you also have to
re-type the password twice *and* your e-mail address. This takes a long
time, especially if you're not a fast typer (which was the case for the
first group), or if you are on a tablet or phone (which was the case for
some in the second group).
Only the password fields are cleared (in addition to the captcha). It is
debatable if clearing them is the right thing or not, there must be some
papers talking about that. But I think we could go with keeping them
filled with the user password.
Another idea I am liking is to place the captcha at a different page (as
a second step), where we could offer several options (captchas, puzzles,
irc chat, email…) to confirm them, then gather their success rate.