As simple alternative to a Captcha, sites could employ a randomly generated password string (alpha and/or numeric) in conjunction with a randomizing virtual keyboard.
When a user is presented with a clear text password (either in an image or plain text) he or she would simply have to click on the corresponding virtual keys, which would then transmit the coordinates of the click to the host as a means of verification.
Successful attacks against virtual keyboard systems have involved the attacker logging the input value (password / PIN) for reuse. However, in a Captcha scenario, if random pass strings are combined with random keyboard layout, logging input value would would not benefit the attacker since he or she would not be able to predict when, if ever, the the pass string might be reused.
Slashdot Mirror
As simple alternative to a Captcha, sites could employ a randomly generated password string (alpha and/or numeric) in conjunction with a randomizing virtual keyboard.
When a user is presented with a clear text password (either in an image or plain text) he or she would simply have to click on the corresponding virtual keys, which would then transmit the coordinates of the click to the host as a means of verification.
Successful attacks against virtual keyboard systems have involved the attacker logging the input value (password / PIN) for reuse. However, in a Captcha scenario, if random pass strings are combined with random keyboard layout, logging input value would would not benefit the attacker since he or she would not be able to predict when, if ever, the the pass string might be reused.