A lot has happened in the world since we first heard the term CAPTCHA back in 2003. Indeed, websites no longer face the same enemies they did back then. AI got better, stronger, and more intelligent. Thus, the challenge just got harder and more complex.

In this scenario, trapped in the crossfire between AI-fueled hackers and spammers and companies are end-users. How can you seal your website against spam and malicious attempts while retaining high conversion rates and customer satisfaction?

The solution is here and is called “The Honeypot Strategy”. So, read on, apply it to your website and make the most out of your online presence.

Is CAPTCHA The Best Solution to Keep Bots Away?

CAPTCHA is an acronym standing for Completely Automated Public Turing Test to Tell Computers and Humans Apart. The basic idea behind this term is to make a Turing test that can be easy for humans and ideally impossible for bots or AI.

This way, by asking a user to take a simple step before granting their way in, bots and spam were kept out of sites. The first CAPTCHAs were, indeed, fairly simple to solve, you had to input the text from a distorted image in the text box next to it.

The situation changed around 2010; AI became stronger and bots started learning to bypass CAPTCHAs. Thus, sites started making CAPTCHAs stronger. This meant they became more complex as well. As a result, users had to use more of their time to fulfill simple tasks online.

This had a huge impact on conversion rates and customer satisfaction. According to a case study, implementing CAPTCHAs, a company can lose up to 3.2% of its conversion rate in only three months.

The Growing Issues with CAPTCHAs

Let’s take a look at the growing issues users and companies have been experiencing with CAPTCHAs in the past decade.

Efficacy
A spambot is a piece of software written specifically to fill forms with information benefiting its author. Forms can be subscriptions, comments, and other text-based forms. These spambots have gotten smarter with time and are finding their way around CAPTCHAs at an alarming speed.

Thus, CAPTCHAs have to be more complex to leave bots out of the equation, otherwise it is a double-loss. In other words, as a website owner, you are creating a hassle for your real, human clients, and suffering from spambots anyway.

User Experience
It is safe to say that CAPTCHAs are ruining user experiences in most cases. Besides the conversion rate cited above, a Stanford University paper shows that it takes almost 10 seconds on average to solve a simple CAPTCHA.

Moreover, only 71% of the time, participants reached a three-people agreement on the translation of the word. The remaining 29% was a mismatch with the text forcing them to start over. This is not only frustrating, but it is also time-consuming. As a result, some customers can abandon a transaction with the item in the buying cart.

To illustrate that phenomenon, a recent study by Webnographer found that, because of past frustrations, 15% of the users gave up at the glance of a CAPTCHA. Adding to that, only 62% of those users completed the CAPTCHA correctly at the first attempt.

Are you sure your site requires CAPTCHA in the first place?

There is no doubt, at this point, that implementing CAPTCHA on your website will have an impact on the users. Moreover, it will have a negative impact in the vast majority of cases.

Therefore, before you set out to look for a different strategy, it is worth it to ask these questions.
· Does your site require form submissions?
· Is the day-to-day traffic on your website substantial?
· Do you have a spam problem with your site’s forms?
· Can users add comments to your blog posts? Or, if it applies, comments on your forum?
· Are you processing transactions and payments on your website? Are you doing this with a third party or on your own?

If your answer is positive to any of these questions, then you might need to think about implementing a CAPTCHA solution. On the other hand, if you are not verifying information, getting substantial traffic, or processing payments, you might not need an extra security measure.

Presenting The Honeypot Strategy
What if you could add the security a CAPTCHA provides with none of the hassles for the end-user? Furthermore, what if you could keep spambots away from your site effectively?
Let's introduce the honeypot strategy, a better way to check your visitor’s human qualities. The process is very simple; all you have to do is add a hidden field to the form. By “hidden field”, we mean using CSS to keep it out of sight and reach for human users.

If this field is filled with information, it is direct proof that the form was filled by a non-human entity. Thus, you can direct your website to reject the submission on the spot. Although the honeypot strategy has proved to be efficient and safe, there are some things to bear in mind about it.

· Auto-filling – Most web browsers (such as Google Chrome, for example) offer users to autofill the fields with the information they already entered in the past. If you name your honeypot with something very common, you risk rejecting humans too. Thus, be creative and name it as something nobody else asks for. It can be anything from “time zone” to “favorite color”.
· Randomize location – If you don’t randomize the location of the honeypot (and move it around often), a smart spambot author might pick it up.
· Don’t use “hide” to hide it – If you are using CSS, the best option to create the honeypot field is using a class containing a random word. Calling it “hide” will set the alarm for the spambot and it might ignore it.

As the honeypot strategy is becoming more popular, AI is growing stronger to bypass it. In this sense, the best bet is to make an effort in disguising the field to make it look like any other in the form.

Conclusion
A site that performs needs to be protected from online attacks, spambots, and other threats. In the increasingly complex current scenario, extra security measures are always welcome. So, if needed, implement The Honeypot Strategy and keep your customers happy and your website secure.