— Add two "honey pots" for bots: a hidden checkbox + a hidden input field,
— Turn off autocomplete on these fields (developer.mozilla.org/en-US/docs/Web…)
— Hide with CSS, accessibly (advent.perldancer.org/2018/21)
— Reject if at least one of fields isn't empty
Don't fill this in!
— If option 1 alone doesn't work, additionally ask a question that's (hopefully) easy to answer (e.g. the color of the sun, sky etc.)
— Alternatively, use a keyboard-accessible slider and ask users to slide it (esp. for mobile)
— Options 1 and 2 don't prevent targeted attacks. reCAPTCHA v3 (needs to be used site-wide for better results) and Invisible reCAPTCHA v2 ("I'm not a robot" checkbox) do help then.
— Beware of tracking and privacy implications.
↬ Integrate Honeypot + Case studies
projecthoneypot.org
↬ Accessible honeypot
advent.perldancer.org/2018/21
↬ State of CAPTCHA + alternatives, regularly updated + responsive considerations
tehnoblog.org/google-no-capt…