Come up with another one, I'll try and defeat it for you. :) (FINISH HIM!)

Although you can't argue with stupidity, I'll be ignorant and give it a shot anyway. Of course you can always come up with arguments against mine (at least I fully hope so). The question is, is wheter this any productive.

b10m "Instead of putting your visitors through the hassle, you might put some time in it yourself, by snooping through logfiles..."

sporty "You can't go by ip. There are a lot of proxies out there, like those used by AOL. Even so, 30 bots each submitting 1 request a day for 30 days is 900 junk registrations. Maybe I'll accumulate 60 bots and do one every other day. Now you have to sit down and analze logs for hidden patterns, since a proxy will totally through your ip anlaysis off. :)"

As hardburn put it well in node 317719 :

hardburn "If a harvester really wanted to, they could pay a batch of minimum-wage workers to fill out these forms all day with an acceptable rate of acesses per day"

sporty "I run an internal site that uses pre-generated, overly random passwords. The user can reset his password whenever he wants to another new pre-generated password. People hate it since they are hard to remember, but they put up with it since it's understood that I won't change it for security reasons. I tell them right out, I'm more likely to trust my random junk than someone typing in a really bad password later."

Ah, yes, "random" passwords are very secure. For this measure to be somewhat useful, you would have to make sure that your entire site runs over SSL, no cookies are used and new super secure, pre-generated random passwords are either e-mailed to the user, using (GPG) encryption, or not e-mailed at all. Still, I could probably find flaws in any type of security you could come up with ;-)

Unless you're a BOFH, I could see no added value to these mega "secure" random passwords.

By the way: Shall we continue this thread by e-mail? For I believe there is no PM value in all this ...