All,
I'm working on tightening things up to stop the torrential influx of spam. The process needs to be refined a bit.
Thanks for your patience as we continue to address this.
Dave
I think it works as intended, i.e. I think that the server has a "good enough" setting where they allow one or two characters to be incorrect while still accepting the answer.
There would be too large number of fails from valid users if it required 100% correct answers.
This is waaaay outside my expertise, but my banks website switches to a new window after the user id is entered. Thus the user ID and the password can not be entered simultneously. Again I have no idea if this would improve the spam resistance, but if it does, great