validation code : Java Glossary


validation code
Introduction How To Cheat on Captcha
Under The Hood Recaptcha
Friendly Captcha


aka security code. 58% of Internet traffic is generated by bots. Most of the time there is no need to block them. Sometimes there is. A validation code is a combination vision test, typing test and ESP (Extra Sensory Perception) test you must take to prove yourself worthy of using some program, signing up for a forum, submitting a PAD (Portable Application Description), sending an EMAIL, or even getting on a junk mail list. The idea is it proves you are a real human, not some malicious automaton. You have to type the deliberately distorted letters and numbers you see such as:

validation code validation code faint captcha

Is that first one v911 or v9ll? or V911? Is the second 9EC15K or 9ECLSY?

A variant asks you a multiple choice question to identify a picture. This is less stressful than a typing test.

The catch is you can’t tell o from O from 0 in isolation, or i from l from |, etc. I have complained to the creators of these torments and they ignore me. You have a similar but not so serious problem keying serial numbers and Windows activation codes. Any time you want people to key random gibberish, e.g. serial numbers, activation keys and validation codes, the number should not use the characters 0 o O 1 l. Alternatively, you can use the ambiguous letters but treat all similar-looking letters as equivalent. This does not reduce the psychological stress on the person typing however.

Under The Hood

They work by the interaction of three parts:

  1. Embedded HTML (Hypertext Markup Language) markup in your webpages.
  2. Captcha library code in your application server, most commonly written in PHP (Pre-Hypertext Processor).
  3. A Captcha server to generate images and check results.

Though not part of the validation code, sometimes the box you are supposed to type into is almost invisible like this:
faint captcha

Here is an alternate form of validation code that does not require ESP to solve:

alternate captcha

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart)

CAPTCHA is an infuriating commercial validation code software.

CAPTCHA sample

You will see the technique used on Blogger. Unfortunately, the creators of these tests usually require you to distinguish 1 from l and 0 from O from o without any meaningful contexts. So they waste the user’s time with ambiguous images.

Captchas often contain punctuation or what might be punctuation. They don’t tell you if you are supposed to type it. I think you are not supposed to.

CAPTCHA sample

Captchas are getting harder and harder to guess every month. It took me 40 tries to get one right the other day. This is ridiculous. Captchas are like pointing a shotgun at your customers and saying Get the hell out of here! We don’t like incompetent people like you.

They require supernormal vision to decipher. They are a slap in the face to anyone over 30.

The bottom line is it usually takes me 5+ tries to get one to work. Each time the server typically erases part of my form and I have to rekey it. Each time I am convinced I have it correct. It is a great way to infuriate your customers. If you have to back up and resubmit a page, Captcha will sometimes rudely and falsely accuse you of fraud. Captchas are simply unacceptably rude. A Captcha is like placing dog poo on your welcome mat.

Friendly Captcha

friendly captcha

I have seen a new kind of Captcha. It shows a small box. Beside it are the words I am not a robot.. You click the box, and that’s it. It somehow determines from that if you are a human or a bot. I have no idea how it works.

It is called ReCaptcha by Google.

How To Cheat on Captcha

If you are having trouble keying a validation code, use the Opera browser and crank the zoom up to 200%. Then if you still can’t figure out the pattern, hit the circling arrows CAPTCHA circling arrows on the Captcha panel, and you will get a different, hopefully easier test.

Use a Captcha-cracking service:


A CAPTCHA has two parts, a bit of text from an old book that OCR (Optical Character Recognition) could not read and a random word digitally deformed and defaced. The server does not know the corresponding text for the first, but it does for the second. If you get the second part right, it presumes you know what you were doing for the first. This way as a side effect of solving the CAPTCHA, very old books (and the early editions of the New York Times) get converted to text.
I think Captchas are inexcusably rude way to treat your customers. I had impure thoughts about bodily harm to those who posed inscrutable Captchas to me that I could not solve in a dozen tries. If a site uses these foul things, they should at least monitor the distribution of how many tries it is taking their users and how many give up in disgust. Then at least they would know just how insufferably rude they were being. But even that won’t tally those people who won’t touch a Captcha-guarded form at all because of prior negative experience. Month by month Captchas get more difficult as bots get cleverer. The irony is bots are now more clever than people at decoding Captchas.

I intended, through obscene repetition, to make it clear I would not shed a tear if terrorists blew up the Captcha building. We users should boycott sites with outrageously difficult Captchas, especially ones that erase your keying on every attempt and let them know why.

6 Captcha alternatives
Alternatives to Captcha alternative to Captcha
BotDetect Captcha: a commercial implementation of Captcha for PHP and ASP
free Captcha code
Rant on keying passwords blind
ReCaptcha: single-click easy-to-use captcha, by Google
SolveMedia: math-based Captchas

This page is posted
on the web at:

Optional Replicator mirror
on local hard disk J:

Canadian Mind Products
Please the feedback from other visitors, or your own feedback about the site.
Contact Roedy. Please feel free to link to this page without explicit permission.

Your face IP:[]
You are visitor number