My company developed a Turing test as a replacement for CAPTCHAs. It uses an API very similar to Google's reCaptcha, and has gained some traction. It's called VouchSafe (www.vouchsafe.com).
I have a potential client who would like to integrate it with a large (over 30K users) Excahnge 2010 OWA deployment to address issues they've been having with brute-force hijacking of accounts.
Ordinarily, this would be a piece of cake, but there doesn't seem to be an existing API or any direct way to hook the controller for the login form. I've looked around, and the only solution I've found is a silly kludge using AJAX. That won't work because would-be hackers could simply POST directly to the form URL and bypass the Turing test altogether.
I've had no joy getting any help directly from Microsoft, but I was thinking that someone in the community must have addressed this problem before. I can't imagine that everyone is simply leaving their login forms vulnerable and open.
Does anyone have any suggestions as to what I can demo to the client as a possible workaround?
Thanks very much,
Chris Ivey