How effective is the captcha authentication security feature?
If the ProxyPass captcha authentication wrapper is enabled, the random image code displayed on the login form adds some measure of additional protection against brute force attacks and automated software programs that scrape content from a site. These “captcha” images are a type of Turing test, or challenge used to distinguish human browsers from automated software robots. Unfortunately, most captcha images are easily broken by advanced, automated OCR (optical character recognition) algorithms (see Breaking a Visual Captcha). Captchas are also neutralized by enlisting real humans to do the deciphering for a reward, a “free-porn-if-you-solve-the-captcha” sort of approach (see Defeating CAPTCHAs). Captchas can be a helpful deterrent to stopping the more amateurish brute-force attacks that make up a large portion of offending attacks. However, captchas are not sufficiently secure against serious attacks.
