Ask HN: Help with my CAPTCHA woes
3 points by hellweaver666 on Feb 17, 2009 | 6 comments
Hi guys,

I currently work for an organisation who are quite security conscious and implemented CAPTCHA across various login screens on our sites a couple of years back.

Our CAPTCHA is quite easy to read but I can still see from customer feedback and statistics that they are a source of irritation to our users and have actually in some instances even caused customers to cancel accounts!

Our dev manager understands the need to get rid of the CAPTCHAs on the site but refuses to do so unless someone can come up with a solution that will prevent automated logins.

Has anyone got any suggestions?

Thanks



Haven't tried, but suggestions I have heard are:

- submit forms with JavaScript (though bots will emulate in the future)

- create honey pot text fields that are invisible but bots will fill in anyway (I guess hide them with CSS)

- I suppose the names of the honey pot and real form fields should change constantly
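
An added example, not part of the original thread: a server-side sketch of the honeypot idea with field names that rotate over time. The secret, the 10-minute window and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"       # assumption: per-deployment secret key
WINDOW = 600                              # assumption: names rotate every 10 minutes
ROLES = ("username", "password", "trap")  # "trap" is the hidden honeypot field


def field_names(bucket: int) -> dict:
    """Map each logical role to an opaque form field name for one time window."""
    names = {}
    for role in ROLES:
        mac = hmac.new(SECRET, f"{bucket}:{role}".encode(), hashlib.sha256)
        names[role] = "f_" + mac.hexdigest()[:12]
    return names


def render_form(now: float) -> str:
    """Build the login form; the trap input is hidden from people with CSS."""
    n = field_names(int(now // WINDOW))
    return (
        '<form method="post">'
        f'<input name="{n["username"]}">'
        f'<input name="{n["password"]}" type="password">'
        f'<input name="{n["trap"]}" style="display:none" tabindex="-1" autocomplete="off">'
        "</form>"
    )


def check_submission(post: dict, now: float):
    """Return (verdict, credentials) where verdict is 'ok', 'bot' or 'stale'."""
    current = int(now // WINDOW)
    for bucket in (current, current - 1):  # also accept forms rendered in the previous window
        n = field_names(bucket)
        if n["username"] in post and n["password"] in post:
            if post.get(n["trap"], ""):
                return "bot", None         # the hidden field was filled in
            return "ok", (post[n["username"]], post[n["password"]])
    return "stale", None                   # unknown field names: old or scripted form
```

Rotating field names may also interfere with password-manager autofill, so a check like this trades one kind of user friction for another.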


A quick question: you said that the CAPTCHA is implemented across various login screens. Does that mean that you have to fill a CAPTCHA every time you log in?

I don't know what your application does, but what is wrong with automatic login? I understand why automatic account creation IS a problem, but automatic login is something I use every day (via 1password).

But if you really need to do it, Tichy's solutions seem good.


Maybe you could send an SMS to a new user with a confirmation code?


Unless you're a bank or something similar, you should never have to send people a confirmation code via text. And what if the person doesn't have a cell phone?


How about just asking a simple question? What is the capital of France? London Paris Donkey.


All of the "multiple choice" versions are prey to the spammers simply trying a random one. At the moment they don't because it's not worth their effort, but as more and more sites use the "Odd one out" or "What is ... :A, B, C" type CAPTCHA the spammer will simply scrape the questions and put a random answer. The odds are good enough that it will be worthwhile.

However, for now that method does work. If you use it, though, modularize and be prepared to change it later.

And for what it's worth, I find the existing CAPTCHAs infuriating, and I only tolerate them if I really want the service they're protecting.



