How does Twitter verify which user is completing the CAPTCHA? Abraham
On Fri, Jan 22, 2010 at 07:06, John Meyer <john.l.me...@gmail.com> wrote: > On 1/22/2010 7:48 AM, Josh Roesslein wrote: > >> Not 100% sure what you are suggesting. Are you suggesting for the >> authorization step that instead of directing the user to twitter >> instead receive a captcha image which the user inputs that # and we >> send back to get the access token? >> I am not sure that is such a good idea, mainly because captchas are >> pretty easy to interpret by machines. It's just too risky that an >> attacker will guess the correct value and thus gain entry to some >> user's account. If I am misinterpreting your idea, please let me know. >> >> Josh >> > > > Pretty easy is relative. While there are programs to crack CAPTCHAs out > there, they still are more effective than traditional username/password > combinations. And I still would insist that this method would be an > accomidation for desktop and mobile clients who may have difficulty > displaying web pages. Barring that, the only alternative I could see is > turning every program into a de facto web server. > -- Abraham Williams | Moved to Seattle | May cause email delays Project | Intersect | http://intersect.labs.poseurtech.com Hacker | http://abrah.am | http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Seattle, WA, United States