How frustrating is it to solve CAPTCHA when you are in a hurry to fill a registration form or book flight tickets? We solve most of the CAPTCHAs without any hiccup but sometimes get stuck in it and wonder why this thing exists? So, this post is about explaining the invention and importance of captcha and its performance over time. Let’s dive in!!
What is CAPTCHA?
CAPTCHA is an acronym for ‘Completely Automated Public Turing test to tell Computers and Humans Apart’. It is a type of challenge-response test to determine whether the user is human or not.
CAPTCHA is nothing but the automated test or Turing test which can be passed only by humans and not by any computer or machine or program or bots etc.
The Turing test is a process in which a human asks a question to other human and computer. The process generates a question and asks both the human and computer to give their response. Now, the human questioner, who can’t see either respondent, must try to identify which respondent is human and which is the computer.
Till now, not even single computer cam close to such Turing test and hence not able to break it. Thus, CAPTCHA is a system that generates code and grade tests that —
- Only humans can pass but
- Current computer programs cannot pass
Why was CAPTCHA introduced?
The primary purpose of having a system like a CAPTCHA was to stop hackers or spammers from posting sensitive topics on Internet forums. They would use automated bots to implement that. The first commercial use of CAPTCHA was in Gausebeck-Levchin test. Earlier, the CAPTCHA tests were like retyping the distorted text which was difficult for a computer bot to recognize. later on, as the technology progressed, the tests became more challenging for bots to solve.
In short, CAPTCHAs were designed to restrict access to resources to humans only. Hence, CAPTCHA can be considered as a form of access control.
How does CAPTCHA work?
CAPTCHA is an easy Turing test. The end-user has to solve the test to proceed further. The most common form of CAPTCHA is an image with distorted letters and symbols. The user has to type in the exact characters written in that image. Computer fails to process the visual data and identify the distorted pattern.
Another type involves a mathematics sum which the user has to solve. Modern-day CAPTCHAs ask the user to select all the images related to a particular word(Image verification). These are known as re-CAPTCHA.
Types of CAPTCHA
1. Text CAPTCHA
As I said earlier, text CAPTCHA is the most commonly used CAPTCHA where the user requires to see the distorted alphanumeric characters and enter them in the provided textbox.
2. Image CAPTCHA
Image verification CAPTCHAs provide a set of images and ask users to select all those images which contain the word given by CAPTCHA. For example, “Select all the squares with traffic lights”.
3. Audio CAPTCHA
A text and image CAPTCHA also provides an option of audio CAPTCHA. In this, the user has to listen to the audio recording and then type in the characters. This is useful for visually impaired people.
4. No CAPTCHA reCAPTCHA
This CAPTCHA requires to tick the checkbox saying “I’m not a robot”.
5. Math CAPTCHA
This CAPTCHA requires the user to solve a basic math problem such as addition or subtraction of two numbers.
6. 3D CAPTCHA
These are also called Super CAPTCHA. This CAPTCHA includes both the images and text creating a 3D image which is quite difficult to solve for humans also.
Why CAPTCHA is used?
To prevent the spamming from bots or attacks in real life, CAPTCHA is commonly used in —
- Online polls
- Free email services
- Search engine
- Worms and spam
- Preventing dictionary attacks
- Preventing unauthorized access in security systems
Are CAPTCHAs foolproof?
As the technology evolved so the hackers spamming techniques.
Nowadays, CAPTCHAs have failed to protect spamming because spammers have found many ways to bypass CAPTCHA tests. They are using machine learning and deep learning algorithms to train their bots. These algorithms extract the pattern to solve the CAPTCHA by analyzing a huge dataset of CAPTCHAs.
With the creation of CAPTCHA-cracking algorithms, this system has become prone to cyberattacks.
There are several browser plug-ins available which allow users to bypass CAPTCHA. Some of them are AntiCapture, CAPTCHA Be Gone and Rumola.
All these plug-ins automatically detect CAPTCHAs on a webpage and solve them on behalf of users. Although these are paid services but are cheap. These plug-ins are developed with the intention to help visually impaired ones and the ones who don’t want to waste their time solving CAPTCHAs. But they are unknowingly posing a security threat to users as unkown third-party add-ons could contain malware, thereby infecting user’s computer.
How to keep CAPTCHA secure?
If you want to keep your website safe from spammers, you need to use CAPTCHA. To implement CAPTCHA for your website, you can use this website. However, you should take note of the following measures to create more secure CAPTCHAs.
- Use some unknown strings or random characters and numbers.
- Blend text with images as used in 3D CAPTCHAs to make it difficult for automated bots to detect the characters.
- Use images with more distortion and random pattern. Otherwise, it will be easy for a bot to identify normal images.
- Have different CAPTCHAs. In case a person failed to pass in the first attempt, multiple chances are made available to a person with unique CAPTCHAs.
- Provide users with various CAPTCHA forms such as an audio CAPTCHA.
While implementing these security measures, keep in mind that CAPTHAs should be easily passed by humans.
As computers become more sophisticated, the testing techniques must also evolve. If we raise the difficulty level of CAPTCHA, it will keep bots away but also make irritating for real users as it will be more complex and time-consuming.
To solve this problem, Google is working on a new technique where it will track your cursor movement or browsing habits to determine whether you are human or not. This is known as Invisible reCAPTCHA. If something suspicious found then old fashioned CAPTCHA will be presented to solve for further verification.