Are CAPTCHAs Doomed?

Written by Brett Callow on April 15, 2009

In a recent post at TheEmailAdmin, I grumbled briefly about how annoying CAPTCHAs can sometimes be. Scratch that. It’s not a case of “sometimes” – I find them to be annoying all the time! The problem I have is that I usually cannot read the things. Maybe I’m stupid, but it’s often the case that I simply cannot tell whether a particular squiggly-wiggly line is supposed to be a “2” or a “Z” or an “8” or a “B”. Unfortunately, the bad guys seem to have no such problems and routinely break CAPTCHAs – see, for example, the post Microsoft’s CAPTCHA Cracked Again.

This leads to the question: are CAPTCHAs doomed? I suspect that the answer is, yup, there is very little doubt that CAPTCHAs will become a thing of the past. Here’s why:

1. I seriously doubt that it will be possible to devise a CAPTCHA that cannot be broken. Yup, people are working on CAPTCHAs which they claim will be much more difficult to break, but I don’t think that they’ll succeed. Where there’s a will there’s a way and, given enough incentive, the bad guys will almost certainly be able to find a back door.

2. CAPTCHAs are a major inconvenience (to humans, at least). They waste people’s time – and time is money. I suspect that many people do as I do when faced with a hard-to-read CAPTCHA and simply give up (who wants to spend 15 minutes struggling with a CAPTCHA simply to be able to comment on a blog post?). And then there’s the issue of the problems that they present to people with visual impairment. Yup, I know that there are workarounds – audio CAPTCHAs, for example – but they are still inconvenient (and can, of course, be broken as easily as other CAPTCHAs).

So, if CAPTCHAs will not work, how can abuse/spam be blocked? The answer, I suspect, is that it cannot. Not completely, anyway. As with email spam, the best that we can probably hope for is to be able to bring about a substantial reduction. And there are a couple of ways that this could realistically be done.

Quotas would seem to be a cheap and effective method of combating spam. Instead of permitting social networkers to send an unlimited number of messages to other users, why not impose a cap? The cap could be reviewed once people have, over a period of time, established that they are a real, valid user.
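
One way to implement the reviewable cap described above, as an added example that is not code from the original post. The class name `MessageQuota`, the 24-hour window and the tier thresholds are assumptions chosen for illustration; the cap rises only when an account is both old enough and has a history of accepted messages, so an account that merely sits idle does not earn a higher quota.

```python
import time
from collections import defaultdict, deque

DAY = 86400
WINDOW = DAY  # assumed quota window: 24 hours
# Constructed tiers: (min account age in days, min accepted messages, cap per window)
TIERS = [(30, 200, 500), (7, 20, 50), (0, 0, 5)]

class MessageQuota:
    def __init__(self, clock=time.time):
        self.clock = clock                 # injectable so the logic can be tested
        self.created = {}                  # user -> account creation time
        self.sent = defaultdict(deque)     # user -> send timestamps inside the window
        self.accepted = defaultdict(int)   # user -> lifetime messages let through
        self.flagged = set()               # users with a spam report against them

    def register(self, user):
        self.created.setdefault(user, self.clock())

    def cap_for(self, user):
        """Review the cap: the highest tier whose age AND history bars are both met."""
        if user in self.flagged:
            return TIERS[-1][2]            # a spam report drops the user to the floor
        now = self.clock()
        age_days = (now - self.created.get(user, now)) / DAY
        for min_age, min_ok, cap in TIERS:
            if age_days >= min_age and self.accepted[user] >= min_ok:
                return cap
        return 0

    def try_send(self, user):
        """Return True and record the message if the user is under the cap."""
        now = self.clock()
        self.created.setdefault(user, now)  # unknown users start as brand new
        q = self.sent[user]
        while q and q[0] <= now - WINDOW:   # slide the window forward
            q.popleft()
        if len(q) >= self.cap_for(user):
            return False
        q.append(now)
        self.accepted[user] += 1
        return True

    def report_spam(self, user):
        self.flagged.add(user)
```
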

Using spam filters would also seem to be a viable solution. Why not automatically block sent comments and messages that are tagged as spam? The solution may not be perfect (no filter can block 100% of spam) but, to my mind, it’s certainly a lot better than a CAPTCHA.

These are not, of course, the only ways of solving the problem. In some situations, using email validation and/or simple moderation may be highly effective.

What do you think? Is the CAPTCHA in terminal decline? And, if so, what’s the best solution?

