I agree that an image captcha can not be cracked by a lot of people, allthough it has been done. (and it takes only one program being released to do the job : ) ) Somethings to keep in mind is that you should use passphrases made up of random letters and numbers preventing the automated system from guessing them. The text captcha is based on the idea that the question you ask has to be interpreted first. I admit my question was not the best example but it should give an idea. A (maybe) better example:
The author Frank Example is 35 years old. He studies Law at Harvard. BTW he says "Hi". , What does the author Frank say? In a real world app this would be contained in a much larger text block and the question and text would be changed on each attempt. If you have a wide enough base of such questions it becomes virtually impossible to guess the correct word leaving only a brute force attack. A text captcha is fairly easy to set up using mysql and php but if you have a image captcha generator go with it or better even combine the two, it all depends on the grade of security you need against automation. regards Stefan Langer
