So, it's no secret that I'm not a big fan of captchas—they're a major accessibility issue, they're a royal pain for users that don't have a disability that impacts their web usage, and they don't work very well at establishing security. Even so, I still hear a lot of comments about how we need captchas to protect our web sites. Tell that to Microsoft and Google.
The problem with captchas is that they have the same underlying weakness as strong DRM. Even if you don't consider the idea of teams of outsourcers being paid to enter captchas or clever sites that use bait to get regular users to break a captcha for them, the simple fact is that a captcha is, by its nature, machine readable. Not only is it machine readable, but it also has to be (more or less) human readable. By remaining readable in this way, it is always going to be a matter of time before someone develops software that can circumvent the system.
Considering the amount of resources that go into upgrading captcha technology, and the relative ease with which captchas fall, perhaps it's time to stop building bigger mousetraps and devote our resources to attempting to build a better mousetrap.
