Thursday, October 18, 2007

Lord & Taylor's CAPTCHA takes the cake!*

Efforts to can spam, foil phishers, and baffle bots are becoming increasingly creative. One delicious example is Lord & Taylor's CAPTCHA technique, which really takes the cake!

SIDEBAR: If you're wondering WTH (What The Heck)?! I've got some 'splainin' to do. CAPTCHA is an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart. CAPTCHA applications combat fraud perpetrated by humans and bots. Bots, in this context (as opposed to the biological, musical, economic, or thermomagnetic), are described by>>CAPTCHA as "software agents [...] developed to automatically perform illegitimate transactions over the Web, including overloading online opinion polls, performing dictionary attacks to find names and passwords as well as grabbing thousands of free e-mail accounts for sending spam."

Are you with me?

BACK ON TRACK: One creative use of CAPTCHA is employed by Yahoo! to combat phishers. Yahoo!'s login page offers an option to create a text or image badge to authenticate the login form and distinguish it from those of imposters seeking to steal Yahoo! login information. One enters a three-part alphanumeric phrase (e.g., ABC-123-xoxo or I-Eat-Cake), or uploads an image from their hard drive, et voila! one's created a unique, authenticatable [yes, that's a word!] sign-in form.

Lord & Taylor's CAPTCHA application, on the other hand, presents an image - in my case, the tasty tidbit pictured above - to registrants at Credit Services, and instructions to create a caption. Subsequently, account access requires: (1) entering one's email address, (2) verifying one's unique Site Key Image [i.e., picture-caption combination], and (3) entering one's password. Piece o' cake!

The process protects users' accounts from hackers and scammers, and is actually fun to follow. As Ralph Kramden would say: how sweet it is!