Security can be increased by using Google's invisible reCAPTCHA in addition to
another spambot countermeasure such as Q&A. Since Google's invisible reCAPTCHA performs its verification in the background, and no challenges are displayed if the user is deemed to be of low risk, there is no further inconvenience to legitimate users, beyond that of the Q&A itself.
You can experience this working on our registration page, where it has been working for over a year:
After you click the "I agree ..." button you will see the Q&A at the bottom of the form, and the only way you know that invisible reCaptcha is also working, is the "three arrows" reCaptcha icon in the bottom right corner of the window.
This was done by modifying php and html code, and has no user interface. Here are the two modified files that make it work for the above registration page. To find the mods, search on "Dave" or diff them with the originals.
I propose that Enabled/Disabled radio buttons be added to the end of ACP->Spambot countermeasures->Available plugins with the Description:
Combine with invisible reCAPTCHA:
Use Google's invisible reCAPTCHA in addition to the above selected plug-in.