Do We Always Need Authentication?
4:02 pm January 24th, 2007 by Sal Cangeloso
When submitting a comment to Digg you have to read text from an image and type in the characters for authentication. This is done in order to prove that you “are human” and that the item is not being submitted by some sort of script or bot. This works well enough, but for Digg’s users, especially frequent submitters, it is quite annoying. Though effective, the system can obviously be improved.
For instance, Digg uses member ranking, so once a user reaches a certain ranking, why not stop using this? It would be almost impossible for a spam bot to get any sort of ranking (or for it to make the front page) so this seems like a great way to help out the users while saving Digg some processing power. If, somehow, a bot did foil the system and get ranked highly, it would obviously be submitting things people like, so why keep it from using the site?
I am not trying to single out Digg; these authentication systems are becoming extremely prevalent. They work very well on blogs, where there are not always repeat users and spam watching requires constant attention. On many sites, by staying logged in when you leave the page (but not when you close the browser window), users don’t have to deal with reading those squiggly crossed-out letters as much, which is appreciated.
Some sites, like OSnews, have gotten smart about authentication: they have users solve a simple equation as opposed to deciphering a series of characters. This is both quicker and easier and, while it may be easier for bots to figure out, on smaller sites it should be more than enough to deter the vast majority of spam.
Google’s Gmail requires an image-based authentication for its login only after a few unsuccessful attempts. This is another smart system: it saves users time until there is a potential problem, and only then is the extra security brought in.
Getting back to Digg, a smart move would probably be to require authentication when the user is logging in as opposed to when sending in their article. Because a user who is not logged in cannot submit an article, this security gateway is simply put before rather than later on. The problem with this would be that, ostensibly, a bot could be logged in manually and then it would be able to submit over and over again with no security measure to stop it. With this in mind it makes sense why Digg is designed the way it is, but if Digg were to combine this method with a ranking-based authentication system (only new users, unranked users, people whose average submission has fewer than 5 diggs, etc.) then the whole process would be streamlined.
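The combined policy described above (a login challenge only after a few failed attempts, plus a submission challenge only for new, unranked, or low-scoring users), sketched as an added example that is not code from Digg, Gmail, or the original post. The class and field names, the limit of 3 failures, the 15-minute window, and the 7-day definition of a "new" account are assumptions; only the 5-digg average comes from the post.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

FAILED_LOGIN_LIMIT = 3          # assumed: the post says only "a few" attempts
FAILED_LOGIN_WINDOW = 15 * 60   # assumed: seconds over which failures count
NEW_ACCOUNT_AGE = 7 * 86400     # assumed: accounts younger than this are "new"
MIN_AVG_DIGGS = 5               # from the post: average submission below 5 diggs


@dataclass
class User:
    created_at: float                     # account creation time (epoch seconds)
    rank: Optional[int]                   # None means the user is unranked
    submission_diggs: List[int] = field(default_factory=list)


class CaptchaPolicy:
    """Decides when a challenge is shown; it does not render or verify one."""

    def __init__(self) -> None:
        self._failures: Dict[str, List[float]] = {}   # username -> failure times

    def record_login(self, username: str, success: bool, now: float) -> None:
        if success:
            self._failures.pop(username, None)        # clean slate after success
        else:
            self._failures.setdefault(username, []).append(now)

    def required_at_login(self, username: str, now: float) -> bool:
        # Keep only failures inside the window, then compare with the limit.
        recent = [t for t in self._failures.get(username, [])
                  if now - t <= FAILED_LOGIN_WINDOW]
        self._failures[username] = recent
        return len(recent) >= FAILED_LOGIN_LIMIT

    def required_at_submit(self, user: User, now: float) -> bool:
        # Challenge unless the account has earned trust on every criterion.
        if now - user.created_at < NEW_ACCOUNT_AGE:
            return True                               # new user
        if user.rank is None or not user.submission_diggs:
            return True                               # unranked or no history
        average = sum(user.submission_diggs) / len(user.submission_diggs)
        return average < MIN_AVG_DIGGS                # low-scoring submitter
```

A manually logged-in bot still meets the submission challenge until its account is old enough, ranked, and averaging at least 5 diggs, which addresses the weakness of a login-only check.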
