Reports have been circulating for the last few days about one of the security mainstays of many of the larger web services, such as Google, Microsoft Live and Yahoo, being broken. CAPTCHAs are those little boxes of text which are obscured in some way - you usually have to enter your interpretation of them to prove that you're a human. The Wikipedia article for CAPTCHAs is quite good at the moment and also has examples of CAPTCHAs. The reason for CAPTCHAs is primarily to stop software from signing up to these services and then using them to send out spam. For instance, having software sign up to the Google services means that Gmail accounts can be created, and from there spam can be sent.

You'll appreciate, if you look at some of the examples shown in the Wikipedia article, that in some cases it can be difficult even for a human to decode what's being displayed. Indeed, there have been numerous times that I've got the test wrong. With this in mind, it's somewhat surprising to find that software developers are now at the stage - if reports are to be believed - that software is able to get the CAPTCHA test correct in as many as 20% of cases.

This presents us with the question of where to go next. Spammers, and the software developers that work with them, are always playing a game of catch-up - the good guys build 'em up, and the spammers will knock 'em down again. So whatever the next phase is, they'll find a way around it - or solve it. It'll just take some time.

As it stands, they're currently able to solve - at best - 20% of the CAPTCHAs presented to them. This will only get better, but I think it's going to be a long time before they're even at 50%. I think that one of the better ways forward at the moment is CAPTCHA + something else, so you essentially have to pass two tests to validate. There are numerous ideas which would possibly work. Some ideas off the top of my head include matching cards together. The method would be something along the lines of you being shown five cards: two of them are each half of a face, with the third being half a cat, the fourth half of a dog, and the fifth half of a car. Clearly, the two halves of the face match. Another would be an array of ten cards, eight with pictures of animals (for instance) and two with humans. Pick the humans.
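To put numbers on the two card tests above, here is an added example (not part of the original post) that works out how often a client picking cards blindly passes each test, alone and combined with a CAPTCHA solved at the 20% rate the post quotes. The function names are hypothetical, and it assumes the two tests are independent and that the server keeps the answer set to itself.

```python
import math
import random

CAPTCHA_SOLVE_RATE = 0.20  # best-case solver figure quoted in the post


def blind_guess_rate(total_cards: int, targets: int) -> float:
    """Chance that picking `targets` cards at random selects exactly the right set."""
    return 1 / math.comb(total_cards, targets)


def combined_pass_rate(captcha_rate: float, card_rate: float) -> float:
    """Both tests must pass; assumes the two outcomes are independent."""
    return captcha_rate * card_rate


def new_challenge(total_cards: int, targets: int, rng: random.Random) -> frozenset:
    """Server side: place the target cards at random positions and keep the
    answer set on the server, never in the page sent to the client."""
    return frozenset(rng.sample(range(total_cards), targets))


def verify(answer: frozenset, picked) -> bool:
    """Accept only the exact target set; extra or duplicate picks fail."""
    picked = list(picked)
    return len(picked) == len(answer) and frozenset(picked) == answer


def simulate_guessing_bot(total_cards, targets, attempts, seed=1) -> float:
    """Fraction of sign-ups passed by a client that solves the CAPTCHA at the
    quoted rate and picks cards blindly (constructed model, not measured data)."""
    rng = random.Random(seed)
    passed = 0
    for _ in range(attempts):
        answer = new_challenge(total_cards, targets, rng)
        guess = rng.sample(range(total_cards), targets)
        captcha_ok = rng.random() < CAPTCHA_SOLVE_RATE
        passed += captcha_ok and verify(answer, guess)
    return passed / attempts


if __name__ == "__main__":
    for name, cards, targets in [("match two face halves", 5, 2),
                                 ("pick two humans", 10, 2)]:
        guess = blind_guess_rate(cards, targets)
        both = combined_pass_rate(CAPTCHA_SOLVE_RATE, guess)
        print(f"{name}: guess {guess:.3f}, both tests {both:.4f}, "
              f"simulated {simulate_guessing_bot(cards, targets, 100_000):.4f}")
```

A blind guess passes the five-card pairing one time in ten and the ten-card test one time in 45, so the larger card set adds far more resistance on top of the CAPTCHA than the smaller one.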

The issue you've got to get around with anything like the above is that at the moment it's totally non-standard. People the world over generally recognise CAPTCHA and know what to do with it. With any new test, you've got to get around the language barrier, and possibly any cultural barrier. Those in the UK at least will know the HSBC adverts - what if people in some part of the world get given a new test involving a black cat? Is this unlucky for them? Different things have different meanings, so anything like this would possibly need checking to make sure it has no negative connotations.

Plenty to think about, though.

shadyron | General, Geekery | 3 March, 12:28am
