CAPTCHAs: How they are Protecting the Websites and Systems from Bots

Why are CAPTCHAs getting difficult to crack?

We have all been asked to prove that 'I'm not a Robot,' to 'Click the images containing hills' or 'Click the images containing traffic signals,' or simply to enter a cryptic, hard-to-read collection of letters and numbers that ensures we are a real person and not a bot trying to access the system. These annoying tests are called CAPTCHA, an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart. They protect websites and accounts by generating tests or puzzles that humans can pass but bots can't. Though a CAPTCHA doesn't prevent malware infection or network intrusions by professional crooks who can hire human decoders, it can defeat casual hackers.

While earlier CAPTCHAs consisted of distorted letters, numbers, and words, later versions show an assortment of images. Of late, these images require confirmation 2-3 times. So, what made the simple 'I'm not a Robot' evolve into bizarre grids of images?

Evolution of CAPTCHA

According to the website of the Carnegie Mellon University of Pittsburgh, its researchers developed the first CAPTCHAs for Yahoo to prevent automated programs from rapidly setting up free email accounts, which would, in turn, be used to pump out spam. In 2014, when Google pitted one of its machine learning algorithms against humans in solving the most distorted text CAPTCHAs, it found that the computer got the test right 99.8 percent of the time, while the humans got a mere 33 percent. This led to Google switching to NoCaptcha ReCaptcha, which observes user data and behavior to let some humans pass through with a click of the "I'm not a robot" button and presents others with the image labeling that we see today.

Threats by Bots

It is expected that these CAPTCHAs will become increasingly complex and trickier as bots get smarter and better at recognizing them. While bots can read text, they cannot recognize images, so to get around a CAPTCHA, spammers often turn to optical character recognition (OCR) software that scans documents into editable text, helping bots to bypass the scrutiny tests. Moreover, some companies offer to pay people to crack CAPTCHAs for US$2 or less per crack.

Proposed Solutions

Nan Jiang, a human-computer interaction lecturer at Bournemouth University, says, "There is always a battle between usability and security." To counter this issue, numerous alternatives have been suggested. These include CAPTCHAs based on nursery rhymes familiar in the area where a user purportedly grew up, CAPTCHAs to index ancient petroglyphs, and many more. In 2016, Google announced an Invisible reCaptcha that would use the algorithms of Advanced Risk Analysis. Here, Google's AI system runs in the background and looks for signs of human behavior, such as movements of the mouse cursor and how long it takes for users to click on a page, and it removes the 'I am not a robot' box from webpages. It also scores traffic according to how suspicious user activity seems. Other authentication methods include two-key verification, answering generic questions set by the user herself, passwords, and so on.
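How a site might act on such a suspicion score on the server side, as an added example that is not from the original article. The field names follow the JSON returned by Google's reCAPTCHA v3 `siteverify` endpoint; the thresholds, hostname, action name and sample verdicts are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

# Assumed policy values (not from the article); tune per site.
ALLOW_SCORE = 0.7       # at or above: let the request through
CHALLENGE_SCORE = 0.3   # between the two: step up to a visible challenge
MAX_TOKEN_AGE_S = 120   # older tokens are treated as replayed


def decide(verdict, expected_action, expected_host, now):
    """Map a siteverify-style verdict dict to 'allow', 'challenge' or 'deny'."""
    if verdict.get("success") is not True:
        return "deny"                      # failed or malformed verification
    if verdict.get("hostname") != expected_host:
        return "deny"                      # token was issued for another site
    if verdict.get("action") != expected_action:
        return "deny"                      # token was issued for another form
    try:
        ts = verdict["challenge_ts"].replace("Z", "+00:00")
        age = (now - datetime.fromisoformat(ts)).total_seconds()
    except (KeyError, ValueError, AttributeError, TypeError):
        return "deny"                      # missing or unparsable timestamp
    if age < 0 or age > MAX_TOKEN_AGE_S:
        return "deny"                      # future-dated or stale token
    score = verdict.get("score")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return "deny"
    if score >= ALLOW_SCORE:
        return "allow"
    return "challenge" if score >= CHALLENGE_SCORE else "deny"


# Constructed sample verdicts, evaluated against a fixed clock.
NOW = datetime(2024, 5, 1, 12, 1, 0, tzinfo=timezone.utc)
BASE = {"success": True, "hostname": "example.com", "action": "signup",
        "challenge_ts": "2024-05-01T12:00:30Z"}
SAMPLES = {
    "human": {**BASE, "score": 0.9},
    "borderline": {**BASE, "score": 0.5},
    "bot": {**BASE, "score": 0.1},
    "wrong_action": {**BASE, "score": 0.9, "action": "login"},
    "replayed": {**BASE, "score": 0.9, "challenge_ts": "2024-05-01T11:50:00Z"},
    "failed": {"success": False, "error-codes": ["invalid-input-response"]},
}


def classify_samples():
    return {name: decide(v, "signup", "example.com", NOW)
            for name, v in SAMPLES.items()}


if __name__ == "__main__":
    for name, outcome in classify_samples().items():
        print(f"{name:13s} -> {outcome}")
```

A high score alone is not enough: the checks on hostname, action and token age keep a valid token from being reused on a different form or long after it was issued.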

Uptake

Though CAPTCHA is successful in minimizing spam comments and preventing fake registrations, it is still not a foolproof solution. Further, it does not help people with visual impairment and can result in a bad experience for users by interrupting their activity. Hence, until we find or devise a better solution, or an updated version of CAPTCHA that is safe and cannot be cracked, researchers need to keep experimenting, and websites can add an extra layer of security. So, meanwhile, these squiggly generated numbers and images are our best bets.
