

Ask HN: Do I need a captcha on my web apps sign up form? - ctingom

Does anybody have experience with NOT adding a captcha? Did you get tons of spam accounts?
======
ashleyw
If I see a form, I instantly decide whether it's worth filling in based on how
much I want to pass it. And I often press the back button when I'm feeling
lazy.

…captchas really don't help.

Don't fix a problem until it exists, and even then try and find an alternative
method to fix it if it may negatively affect your users.

------
cruise02
Yeah, if you get any kind of traffic at all, and some script kiddie discovers
that they can fill your disk quota with fake accounts, they will. I recommend
reCAPTCHA (<http://recaptcha.net/whyrecaptcha.html>), since it's free and
easy.

~~~
pavel_lishin
Are kids nowadays so bored that they would fill up a disk quota with fake
accounts just for shits and giggles?

~~~
pierrefar
For LOLz actually.

~~~
sharkbrainguy
"lulz" I believe

~~~
pierrefar
I stand corrected while simultaneously betraying my age.

LOL, I guess.

------
sachinag
No.

We go on and on about premature optimization in our code; why do that in your
signup process? If and when it becomes a big issue, sure, add a CAPTCHA. But
until then, why?

------
ctingom
Okay thanks everybody for the replies. The consensus appears to be to leave it
off until it's a problem. So that's what I'm going to do.

------
makeee
I don't use a captcha on my site and I've never had an issue. I wouldn't worry
about it until the problem arises. If your site is just starting out you want
to keep that barrier to participation as low as possible.

------
Hexstream
Limiting new accounts to, say, 20 per day per IP should severely mitigate most
attacks, especially the ones not specifically targetted at your site. For the
targeted ones, deal with them as they come up, in a more or less manual way.
You don't want to have 10000 new fake account creations per second but you
don't need to bother your legitimate users with overly annoying measures like
Captcha.

------
Goladus
I'd say implement one if you can afford the time and resources now. Then shut
it off until you actually need it.

------
ozsynergy
Don't worry about captcha till you need it.

I strongly recommend storing the ip address and the signup datetime. It makes
finding and deleting spam accounts easy.

------
eli
Bots will definitely attempt to submit any form they encounter.

And captchas (or any other additional signup question!) decreases signups
pretty significantly

------
ryanwaggoner
Well, do _you_?

I wouldn't add one unless _you_ need one, based on what you're seeing for your
own app.

------
vamsee
I've seen a couple of friends complain about captchas that they're a pain to
fill in. They definitely don't make the signup process any simpler. I've seen
some sites use simple math questions, like "what is 2 plus 5" or something
like that. Don't know how effective they are in stopping spam, though.

------
izak30
My forms typically go only a few days before they start getting form
submission spam.

There are lots of captchas to implement in a couple of hours, and people are
used to filling them out. It seems like a no-brainer to me.

