I am building a login system for a website and am currently programming the registration. What would you recommend as far as human authentication? reCAPTCHA integration or an activation email? My thoughts... I find it REALLY annoying to open my webmail and check for an activation code and hope that it arrives on time. reCaptcha validation would allow users instant access when they hit the "register" button. ... And Its much easier for me to just implement reCaptcha than it is to have an activation system, make sure to have user check their spam box, have a re-send activation code feature, etc etc... I think a bot could easily be programmed to fill out my form, submit a registration, and then be also programmed to receive emails through temporary boxes or whatever and click the activation link automatically... While a bot is much less likely to be able to read a recaptcha message. I mean I know you can buy services that will read recaptcha images for you but I dont think its as likely as a bot doing email activation..
Your goal is human authentication. That's the purpose of reCaptcha. The goal of email authentication is ... to make sure the user controls the email address.
i think reCaptcha will be better than email authentication as some users feel lazy to open their email and click on the link...
I personally would only use reCaptcha to prevent DoS attacks. Sites have been taken out of commission when a competitor sets up a script to constantly login. Overwhelming the hits on the SQL server. I would want to make certain I had good emails of those that register because that can be used to build a money making list with.
reCaptcha isn't very good without Email verification, the same the other way around. I suggest to have both in your site. reCaptcha can sometimes be bypassed by scripts and email verification may be delay or bounce back.
I know got an idea... I dont know whether you would like this idea... How about providing them both the options... Like if they need email verification let them just select that option so that i send them an email to verify. Otherwise let them enter the Captcha... I dont know whether this is useful to you, but i would like to share this idea... Sorry if it doesn't help
many tools for auto comment.. like srapbox, xrumer, etc... recaptcha and help for blocking auto comment like that tools
I've decided to implement email authentication.. Ugh so much more goes into a user management system than you think when you start out.. Password reset functionality, resend lost activation codes, email address update and authentication function, .. All the validation that goes with each of these things. There really is no incentive for anyone to spam this website as its made clear that every submission is human moderated my an administrator.. I just don't want to login one day to find my approval queue full of 10,000 junk entries as it would be a PITA to sort through everything... So in the event that that happens, I will implement reCaptcha.
This is not an "or" situation. Use both for a user registration system. Email authentication is great but reCaptcha will help you stop mis-usage earlier. Why force your server to send an email if reCaptcha can already determine that the user is a bot. Using both will allow you to have reCaptcha as your main bot defense, and email authentication to prevent fake emails and as a bot defense backup. Yes, email authentication can defend against bots alone but it also can have your server send out far more emails than necessary, using extra bandwidth. Secondly, if done correctly, an attack can cause your email server to be blacklisted by email providers.
You should combine this two approaches. Email activation can easily be hacked by robots(simply click every URL in your mail). Besides, I recommend recapcha.
if u like more members to register quickly, u need to go with recaptcha, email verification also good, but most people are lazy to do lot of work and join. So I prefer recaptcha