BuildingaBot-ProofPortfoliowithGames

Standard captchas are a bit of a nuisance. Most of us have spent far too long squinting at blurry photos of traffic lights or motorbikes while wondering if that tiny sliver of a bumper actually counts as a square. These systems feel clunky and boring, and they often ruin the aesthetic of a minimalist portfolio.

When I was building this site, I wanted to find a different approach. I was looking for a way to stop the relentless tide of spam bots without making my genuine visitors feel like they were undergoing a tedious security audit. The solution I settled on was a bit of good old-fashioned gamification.

The first line of defence is a quick round of Tic-Tac-Toe. Even though it is a simple game that everyone knows, it is remarkably effective at tripping up automated scripts. Most bots are programmed to look for standard input fields and submit buttons. They typically do not have the logic required to set up a fork and beat a reasonably clever AI.

I have tweaked my bot to be just hard enough that you actually have to think for a moment. You cannot just click through randomly because you have to win to proceed. This turns a boring security check into a five-second challenge that most people find quite engaging.

If you manage to beat the bot, you move onto the final challenge which is the Categories game. You are given a random letter and sixty seconds to name an animal, a country, and a food that start with that specific letter.

To make this genuinely secure, I have hooked the game up to a proper dictionary API. If you try to type nonsense, the system will politely decline the entry. This stage requires genuine human recall. While LLM-based bots might eventually solve this, standard scrapers and low-level bad actors simply will not bother with the effort.

The final result is that my inbox is cleaner than it has ever been. Beyond the security benefits, it also allows me to show off some custom logic that adds real character to the site. If you are a human reading this, feel free to give it a go on the contact page. Just try not to let the bot bruise your ego too much.