Ever felt the urge to skip a page when you were momentarily stopped by a captcha? I bet you have!
Every time I fill in an online form or simply log in, I have to prove my existence as a human. Oh c’mon! People will be going to the Moon for a vacation in a few days, and I’m still having to select picture blocks to confirm that I’m not a robot? There must be another way to keep bots away than to make people curse and make faces in the middle of an avalanche of work.
There is a way. A neat and sweet-sounding thing called a honeypot. It’s a captcha that wears the Invisibility Cloak and doesn’t bother users, but works diligently to keep spambots away.
How does it Work?
Keeping things short and simple, here’s how a honeypot captcha works:
A honeypot captcha is clever in that it does not bother the user. As user experiences are becoming more and more seamless, it would be a shame to give the site visitor a grand welcome only to slam an annoying reCaptcha in their face. As a UI/UX designer, there’s a vast field of opportunities to make beautiful forms that make people drool, and to peacefully wrap them up with a gorgeous submit button without having a hideous reCaptcha before it.
From a technical point of view, too, honeypot is a good option as it captures only the malicious traffic and not the entire set. This means less storage space, less data to analyze and faster output.
Honeypots capture information about the type of attack, so the weak points can be easily analyzed. This helps administrators learn about new methods of attack, and work on them.
There are a few hiccups, though.
People who have an autofill option on their system might find it difficult to pass through a honeypot, as the feature would fill in all fields, including the hidden field. However, preventing the autofill option on the page can successfully answer this problem. See, not much of a botheration, after all.
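The hidden-field check and the autofill opt-out described above, as an added example that is not from the original article. The field name, form markup and sample request bodies are assumptions constructed for illustration.

```javascript
// Added example: HONEYPOT_FIELD and the form layout are hypothetical, not from the article.
const HONEYPOT_FIELD = "website_url"; // decoy name that looks worth filling to a form bot

// The decoy is moved off-screen with CSS (not type="hidden"), taken out of the
// tab order, hidden from screen readers, and opted out of browser autofill.
function renderContactForm() {
  return [
    '<form method="post" action="/contact">',
    '  <label>Email <input type="email" name="email" required></label>',
    '  <label>Message <textarea name="message" required></textarea></label>',
    '  <div style="position:absolute;left:-9999px" aria-hidden="true">',
    `    <label>Leave this empty <input type="text" name="${HONEYPOT_FIELD}"`,
    '      tabindex="-1" autocomplete="off"></label>',
    '  </div>',
    '  <button type="submit">Send</button>',
    '</form>',
  ].join("\n");
}

// Server-side check on an application/x-www-form-urlencoded body.
// A browser submits an empty text input as "name=", so the key must be present and empty.
function classifySubmission(body) {
  const fields = Object.fromEntries(new URLSearchParams(body));
  if (!(HONEYPOT_FIELD in fields)) {
    return { verdict: "reject", reason: "decoy field missing (not sent from the rendered form)" };
  }
  if (fields[HONEYPOT_FIELD] !== "") {
    return { verdict: "reject", reason: "decoy field filled" };
  }
  return { verdict: "accept", reason: "decoy field present and empty" };
}

// Constructed sample request bodies.
const SAMPLE_BODIES = {
  human: "email=ann%40example.com&message=Hello+there&website_url=",
  formBot: "email=x%40example.com&message=Buy+now&website_url=http%3A%2F%2Fspam.example",
  directPost: "email=x%40example.com&message=Buy+now",
};

for (const [name, body] of Object.entries(SAMPLE_BODIES)) {
  console.log(name, classifySubmission(body));
}
```

Browsers do not always honour `autocomplete="off"`, so a filled decoy from a real visitor is still possible; logging rejects with their reason makes such false positives visible.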
Like all good things, honeypot isn’t free from drawbacks.
Malicious traffic is only collected when the attack is on the honeypot machine. If the attack is on a different machine, then…Oops! The bad guys can steal the show.
Honeypots will report an attack only when activity is directed against them. If the attack is on a variety of other systems, then the honeypot will have no idea about what’s happening around it.
And it’s vulnerable to identification. That is, an expert might identify a honeypot by its specific set of behaviours, and plan the attack through the honeypot itself.
So, is Honeypot Really that Sweet?
Be it Captcha, reCaptcha or honeypot, no anti-spam measure is foolproof. Bots will always find a way to wriggle in. But keeping user experience in mind, honeypot turns out to be the optimum solution to having a form that repels bots and attracts humans. The sad part is that many websites are still hugging reCaptcha, thus introducing a bump in the smooth navigation a user deserves. It’s probably time to switch to a better option.
Originally published at design-studio.io on October 5, 2018.