Try this demo:
 
Security test. Please identify the pictures:
 
identiPIC photo CAPTCHA system

identiPIC is a photo CAPTCHA system whereby a website visitor has to identify a picture to proceed. The system is typically used on web forms to block spambots. A human can identify a picture, a spambot cannot.

The web is awash with spambots that attack contact forms, guestbooks, forums etc. Up until now, the main line of defence against them was the CAPTCHA. A CAPTCHA is a test to tell humans apart from computers (spambots in this case) that relies on the user entering a string of characters presented to them in an image. This worked well for a while until the bots began to overcome them by reading them with OCR (optical character recognition) programs. Another problem with the traditional CAPTCHA is that they are sometimes difficult to read. The advantage of the identiPIC system is that a computer cannot tell what a picture is of but a human can clearly see what it is.

Using this system means that spam on your site will be drastically reduced, with the minimum inconvenience to genuine users.

This site demonstrates some photo CAPTCHA ideas and shows you how to implement them on your website. The code for this system is written in PHP and that is what is shown on this site but you could write a similar system in other languages.

To make your own identiPIC photo CAPTCHA like the demo above, put this HTML code on your form:

Put this code in the PHP script that handles your form:

You will need the three images in the demo above. Right-click on them and save them as they are named. Upload them to your webspace along with your edited form code and form-handling script.

In the code above, the input has to match exactly the identity of your pictures AND the order of the pictures.

Some points. The drop-down options giving the potential solutions to the identity of the pictures contain ten possible solutions. You can make as many options here as you wish but you have to balance bamboozling the bots with inconveniencing the visitor. If you make the lists too long, it could be counter productive. You can see that the lists are all the same but they don't need to be. You can put anything you like in there so long as the correct solution is included for the picture in question. Try not to put conflicting options in the list. You can see from the list that I have made, that the solution is quite obvious. If you were to put "animal" and "dog" (for example) in the same list, this would be confusing.

There are ten selection options above for each picture. This means that the chances of guessing the correct solution, if a bot were to try this (debatable?) would be 1,000:1 (10 x 10 x 10). You can lengthen the odds by adding more pictures or more selection options. Adding more pictures would be the best way to lengthen the odds. Showing four pictures with ten options for each makes the odds 10,000:1 (10 to the power of 4: 10 x 10 x 10 x 10) for guessing the correct solution. Having say, 15 solutions for four pictures would give odds of 50,625:1. Eight pictures with ten options each gives odds of 100,000,000 (one hundred million):1!

You are strongly urged to customize your photo CAPTCHA system. If everyone uses the same pictures with the same solutions then it wouldn't take long for spammers to take advantage of this. I have used different pictures on the contact form for this site. Use your own pictures with your own solutions. Use your own names for your pictures but don't call a picture of a dog, dog.jpg, you could be giving the game away! I got the images used on this site from image*after. They are free to use for commercial and personal purposes.

A different type of identiPIC system is the use of one or more pictures where the visitor types an answer to identify a picture and is not given a list to choose from. The advantage of this is that a bot is not presented with the solution somewhere in a list (although it would have to be a very persistent bot that would make thousands (or millions) of attempts to get into each site it visits). The disadvantage of this method is that it is more work for the visitor and handling the input is trickier because you are relying on the user to spell the solution correctly or give it in a way that you expect.

Here's an example of this method:

Security test. Please identify the picture:
 

To make your own identiPIC photo CAPTCHA like the demo above, put this HTML code on your form:

Put this code in the PHP script that handles your form:

In the code above, the line shown below limits the length of the input to 15 characters, this is to stop bots throwing dictionaries at it:

strlen($_REQUEST['identiPIC_answer']) > 15

The array shown below contains the values that you check against the input:

$identiPIC_solutions = array('bicycle','bike');

If any of these values appear anywhere in the input, then the answer is correct. So "bike" would be a correct answer and "it's a bike!" would also be correct. You have to be mindful when using this version of identiPIC that you could get various answers that would be correct.

Instead of asking a visitor to identify a picture, you could ask them a question about a picture. You could have a picture of a man laughing, and ask "what is this man doing?". Use your imagination!

Things to consider. Random display of pictures. Limit number of attempts. Showing larger pictures for visually impaired people.

CAPTCHA stands for "Completely Automated Public Turing tests to tell Computers and Humans Apart". The word was claimed as a Trademark by Carnegie Mellon University but at the time of writing (July 2008) has not been registered and is showing an abandonment date of April 21st 2008.

Valid HTML 4.01 Strict