Captcha Guidelines


If it is not possible to avoid [captcha]( entirely, please at least do it right!

* Do not mix letters and numbers. It is hard to distinguish O and 0, 1 and l or in some cases even G and 6 or 9 and g. Please use either letters or numbers exclusively.
* Do not mix uppercase and lowercase letters, or don’t be sensitive to case. It is hard to distinguish O and o, C and c, s and s, etc. Especially when the letters are twisted, then it is no longer possible to depict case from the letter height alone.
* Do not use random words, do use common dictionary words. It is a lot easier the user. It is not that people will brute force your captcha. If some people do, simply give them a new captcha for them to break.

Thanks for your cooperation :).


  1. captchas are not keys. they are a method to distinguish human and machines. they are used when human are welcomed but machines are not. a captcha incomprehensible to humans is a very bad captcha.

    looking at the pwntcha page, none of my guidelines above are in conflict with their requirements of a good captcha.

  2. hi, salam kenal…
    Interesting, I’ve always been bugged by Yahoo’s capthca, because they mix letters, numbers, and case-sensitive, and I just know what that’s called from your post :p
    I agree with #1 and #2, but I don’t think #3 is necessary if the captchas are adequately human solvable. And, agree, I don’t see any conflict with PWNtcha’s requirements.

  3. Captcha have accessibility problem. well, If you just assuming that everyone using browser with GUI interface, you could ignore this problem.

  4. More potentially confusing characters for #1: 2 and Z; 5 and S; 7 and T; 8 and B. With enough distortion, you can’t tell them apart– indeed, sometimes it’s hard to tell O and D apart…!

Leave a comment

Your email address will not be published. Required fields are marked *