|
|
|
|
Is CAPTCHA still a thing in 2026 (Captcha 3.5)?
|
|
1 points
by jarirajari
151 days ago
|
|
|
I have been writing new SaaS software and I noticed thinking about bots. I can see that Google's reCaptcha or Cloudflare Turnstile are suitable for public, low-risk, consumer sites, but not suitable for sites which expect bots which utilize sophisticated techniques. Why? Because: - bots are becoming more advanced
- email verification is broken i.e. bots can do it too
- current captchas are not effective enough My problems with bots are: 1. Fake registration and login prevention
* Accounts used to run fraud or cyber attacks later
* Bots hammer login endpoints using leaked passwords 2. Resource consumption
* Compute costs (especially with bot army) including APIs
* Denial-of-Service for legitimate users 3. Current CAPTCHAs are not cost-effective
* Costs 0.50-3.00 USD per 1000 challenges (if accounting all challenges)
* Too easy to bypass at scale, ineffective cost-to-benefit ratio Are you looking to protect your SaaS software against bots too? Do you share my problems? |
|
|