On 13-01-24 13:52, George Herbert wrote:
It's true that relying on the laziness of attackers is statistically useful, but as soon as one becomes an interesting enough target that the professionals aim, then professional grade tools (which walz through captchas more effectively than normal users can, by far) make them useless.
This is true. However, if CAPTCHAS stop the bulk of casual hacking attempts because the simple hacking scripts just flag that site as not worth the effort and move onto the next, then the site manager has to deal with far fewer true hacking attempts (those which are determined to get in or hurt your web site). It is better to have a tent with holes in the screen door than no screen door. If the damaged screen door still prevents 90% of mosquitoes from getting in, it does let you chase down and kill those that do get in. Just because a security technique is not bullet proof does not mean it isn't useful.