JS captcha: refreshing the captcha
A brief exchange on Twitter led me to think about one of the things I most definitely do not love about the internet—captchas. While I won’t go quite as far as to say captchas are the spawn of Satan (let’s wait for the DNA tests before we go that far) I will say that I believe they are not only the wrong solution, but an arrogant and inconsiderate one.
Firstly, it is worth pointing out that captchas are nowhere near as secure as you’d like to believe. Back in 2005, the W3C pointed out that third-party services had demonstrated that most captcha services could be defeated with 88%-100% accuracy by using some simple OCR. I suspect that since then captchas have probably gotten a bit better, but spam bots probably have as well.
Then of course there are the accessibility issues. In particular, visitors who suffer from blindness, dyslexia or low vision will struggle greatly with a captcha system. You can aid them slightly by offering an audio alternative, but the audio used in captcha systems tends to be rather noisy and doesn’t help a great deal. Audio alternatives are particularly useless if you are in a noisy environment such as a coffee shop or office. To make matters worse, these audio alternatives are often not provided in a way that is accessible to the very audience that needs them the most.
Let’s assume, however, that all of our visitors have good vision. Captchas are still the wrong solution because they put the onus on the user to figure them out in order to successfully continue. Spam is not the user’s problem; it is the problem of the business that is providing the site. It is arrogant and lazy to try and push the problem onto a site’s visitors.
Captchas cause a great deal of frustration for many users. On average, it takes around 10 seconds to solve a captcha correctly. I have watched many a savvy user struggle 2, 3, even 4 times to correctly solve a captcha. That’s no way to reward someone who is trying to interact with your site.
The cute ‘solution’ to wasting 10 seconds of a user’s time was to make that time somehow productive. So reCAPTCHA came into play. reCAPTCHA shows two words. One word can be deciphered using OCR. The second is a word, taken from a book, which OCR failed to decipher. Correction - both words are originally undecipherable by OCR. One word, the ‘control’ word, is a word that has been identified consistently and is therefore ‘solved’. The second word is one that has yet to have a large enough base of consistent answers to correctly determine what word it is.
The idea is that if the user correctly solves the more legible word, the reCAPTCHA system will assume they are probably right about the second word. By showing that second word to a large number of people and comparing results, they can figure out what that word should be. It’s crowdsourcing the digitization of books. Of course, it too completely ignores the real issue: the assumed new-found ‘productivity’ doesn’t benefit the user. In fact, reCAPTCHA systems make the user get frustrated for no reason whatsoever about a word that even the reCAPTCHA system itself cannot decipher!
In conclusion, captchas are inaccessible, inconsiderate and frustrating. In addition, most captchas are not as secure as you would like to believe. A far more elegant solution is to use some sort of filtering system (like Akismet). Such a system can run behind the scenes and work without complicating the user experience.
It’s time to kill off captchas and stop punishing users for trying to interact with our sites.