What Makes CAPTCHA So Complex (and Consistently Chafing)?

“To confirm you’re a human being, select all of the images that include traffic signals.”

Chances are good that you’ve seen such a requirement before as you’ve spent time online, whether you were filling out a form or logging into a website. Whether it was an evaluation like the one above, or simply one where you needed to identify a highly distorted series of alphanumeric characters, you probably have also noticed these tests getting more difficult as time has passed. The reason for this is simple: computers are getting better at beating them.

Let’s take a few minutes to examine the ramifications of this improvement, and how it will impact how users can identify themselves as legitimate in the future.

What is CAPTCHA?

CAPTCHA, or Completely Automated Public Turing Test to tell Computers and Humans Apart, is what Google uses to catch automated spam before it assaults the Internet. The idea is that there are certain ways that humans will interact with content differently than automated spam can. Therefore, by requiring a certain task to be completed in a certain way, the legitimacy of a user can theoretically be verified.

At the turn of the century, CAPTCHA was highly effective against spambots by simply requiring the user to identify the text shared in an image. Alas, this was not to remain the case.

Why CAPTCHA Has Gotten More Challenging

The trouble really started after Google was able to take possession of CAPTCHA and, more importantly, utilize it to help digitize Google Books. The issue here was that, by doing so, the text used to verify users needed to become much more distorted to fool the optical character recognition programs available. No easy feat, especially as human beings, in solving these tests, were also giving the optical character recognition programs the data needed to improve their capabilities.

The creators of CAPTCHA saw this coming, predicting that machine intelligence would overtake human capability when it came to passing these tests. Adding to the issue, these tests need to be universally approachable, free of any cultural influence or bias.

This eventually led to CAPTCHA being replaced by NoCAPTCHA ReCAPTCHA in 94 percent of websites that implemented it. Focusing more on user behavior, the implementation of NoCAPTCHA ReCAPTCHA has not stopped the development of even more secure methods, seeing as many threats are now focused on replicating how a user would interact with the system.

The fact of the matter is that automated tools and bots are now more effective than most people when it comes to solving CAPTCHA prompts. In 2014, a machine learning algorithm went head to head against users to test how accurately the traditional distorted-text variety could be bypassed.

The bot was successful 99.8 percent of the time. The humans were successful 33 percent of the time.

Making things worse, CAPTCHA-solving programs and services are also available, providing a cost-effective way to undermine the security measure.

How Can CAPTCHA Be Made Secure Again?

While CAPTCHA has the potential to still be effective, there undoubtedly needs to be some way to make it easier for a human being to complete but confounding to a machine. To accomplish this, various tactics have been considered, some more likely than others to be implemented:

  • Requiring users to classify faces based on various guidelines, like their expression, gender, and ethnicity. This method is least likely, considering today’s amplified social awareness.
  • CAPTCHAs that rely on regionalized trivia and nursery rhymes, with these targeted questions helping to prevent bots and distant hackers from succeeding.
  • Image-based CAPTCHAs that use more subjective content like cartoons and optical illusions. 
  • Gamified CAPTCHAs with contextual hints for instructions that a computer wouldn’t pick up on.
  • Cameras and augmented reality being used to enable physical authentication.

Of course, there is also the continued research into behavior-based authentication that uses metrics like cursor accuracy and other traffic patterns. Google has started testing some of these variables on a case-by-case basis.
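
To make the idea of cursor-based metrics concrete, here is an added example (not from the original article, and not Google's method) that scores a pointer trace by path straightness and timing regularity. The function names, event fields and thresholds are assumptions chosen for illustration.

```javascript
// Added illustration; field names and thresholds are assumptions.
function cursorMetrics(events) {
  // events: [{x, y, t}] pointer samples, t in milliseconds
  if (events.length < 3) return null; // too little movement to measure
  let pathLen = 0;
  const gaps = [];
  for (let i = 1; i < events.length; i++) {
    pathLen += Math.hypot(events[i].x - events[i - 1].x,
                          events[i].y - events[i - 1].y);
    gaps.push(events[i].t - events[i - 1].t);
  }
  const first = events[0];
  const last = events[events.length - 1];
  const chord = Math.hypot(last.x - first.x, last.y - first.y);
  // 1.0 means a perfectly straight line from start to end point
  const straightness = pathLen === 0 ? 1 : chord / pathLen;
  const mean = gaps.reduce((a, b) => a + b, 0) / gaps.length;
  const variance = gaps.reduce((a, g) => a + (g - mean) ** 2, 0) / gaps.length;
  // Coefficient of variation of the time between samples
  const timingCv = mean === 0 ? 0 : Math.sqrt(variance) / mean;
  return { straightness, timingCv };
}

function classifyTrace(events) {
  const m = cursorMetrics(events);
  // Keyboard, touch and assistive-technology users may produce no pointer
  // trace at all, so absence of movement is not treated as evidence.
  if (m === null) return 'insufficient';
  // Assumed cut-offs: ruler-straight path with metronome-like timing
  return m.straightness > 0.98 && m.timingCv < 0.05 ? 'suspicious' : 'plausible';
}

// Constructed sample traces (not captured from real sessions)
const scripted = [0, 1, 2, 3, 4, 5].map(i => ({ x: i * 40, y: i * 20, t: i * 10 }));
const human = [
  { x: 0, y: 0, t: 0 }, { x: 22, y: 31, t: 14 }, { x: 61, y: 48, t: 37 },
  { x: 118, y: 52, t: 49 }, { x: 171, y: 83, t: 81 }, { x: 200, y: 100, t: 126 },
];

console.log(classifyTrace(scripted), classifyTrace(human), classifyTrace([]));
```

Because threats now focus on replicating how a user interacts with the system, a score like this works as one signal among several rather than a verdict on its own.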

The way things are shaping up, it’s somewhat likely that these security Turing tests will only be passable in the future by incorrectly performing a task or answering a question.

If there’s anything that this tells us, it’s that account and data security is only going to grow in importance. BNMC is here to help you do everything you can to secure your business, its data, and by extension, its future. Find out more by calling our team at 978-482-2020 today.


Comments 1

vendingshop vendingshop on Wednesday, 21 October 2020 06:20

great work man, I would like to congratulate you on this effort cn logistics.
