
How Do CAPTCHAs Work and Why Are They So Difficult?


You’re trying to purchase an item or log into an account. You enter your credentials, but before you proceed, you need to prove that you’re a human being. Tick the box marked “I’m not a robot”. You can see a blurred image with skewed digits that you need to decipher. These are CAPTCHAs, and while they can be a nuisance, they’re necessary.

Right?

What are CAPTCHAs and how do they work? How are they different from reCAPTCHAs? And why are many of them so difficult?

What Is CAPTCHA?

CAPTCHA stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart. They take their name from Alan Turing, the genius cryptanalyst who created the Turing Test. This is a way of examining a machine’s thinking, to check whether its behavior is indistinguishable from that of a human being.


A standard Turing Test involves a real person judging the subjects. CAPTCHAs don’t: they’re generally administered by a computer. As such, some call them the “reverse Turing Test”, while others know them as Human Interaction Proof (HIP).

CAPTCHAs were created to stop bots from spamming websites. Any proficient technology whizz can make a program that automatically signs up to millions of accounts; CAPTCHAs are designed to stop that from happening.

This works because computers find it difficult to decipher distorted text—or at least more difficult than humans do. Most CAPTCHAs are paired with different color gradients in the background, to further obscure the message.

There’s debate over who created CAPTCHAs, though the term was coined by Carnegie Mellon University, Pittsburgh, in 2003.

The scholarly team posited that they could be used to secure emails, online polls, and other services requiring registration from search engine bots, worms and spambots, and dictionary attacks. They’re also useful in combating Distributed Denial of Service (DDoS) attacks.

How Do CAPTCHAs Work?

Text can be really obscured, but you can often still make out what it means. The more skewed symbols are, the more effective a CAPTCHA is. That’s because humans exhibit pareidolia, a phenomenon in which our brain tries to make sense of randomness. It’s your mind trying to assign order out of chaos.

Pareidolia is why you infer faces where they shouldn’t be—in clouds, buildings, cliff faces, trees, drinks, flowers, and more.

The most famous examples of this psychological quirk typically feature either religion (with people claiming to see Jesus in their food) or astronomy. You’ll know Barnard 33 by its colloquialism, the Horsehead Nebula, due to its equine qualities; others see a rabbit carved into the craters of the moon.

That’s also why you can make out words in CAPTCHAs even when they’re crossed out and bent out of shape. Our brains make connections that computer programs typically can’t.

Why Are CAPTCHAs So Difficult?

Luis von Ahn, formerly of Carnegie Mellon University’s CAPTCHA team, says it takes an average of nine seconds to solve a CAPTCHA. 92 percent get it right. That might make you feel stupid for inputting the wrong combination, but it shouldn’t. Everyone is part of that remaining 8 percent from time to time.

In fact, failure rates rise from 8 percent to nearly 30 percent if the CAPTCHA is case-sensitive.

The problem with inferring information is that we can easily infer the wrong information. An “I” can become a “1”. It’s even harder when the CAPTCHA doesn’t consist of words but random letters.

Fortunately, services know humans are fallible and can’t always read blurred text. Most CAPTCHAs give you the option to generate a new one, so if you’re struggling, refresh it.
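The usability points above (case sensitivity, look-alike characters, the refresh option) correspond to choices on the server that issues and checks a text CAPTCHA. The following is an added example, not code from the article or from any CAPTCHA product; the alphabet, lifetime and in-memory store are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Alphabet with look-alike glyphs removed (no I/1/L, O/0, S/5, Z/2, B/8).
ALPHABET = "ACDEFGHJKMNPQRTUVWXY34679"
TTL_SECONDS = 120                 # assumed lifetime of one challenge
_KEY = secrets.token_bytes(32)    # server-side secret, never sent to clients
_pending = {}                     # challenge id -> (answer MAC, expiry time)


def _mac(challenge_id, answer):
    msg = f"{challenge_id}:{answer}".encode()
    return hmac.new(_KEY, msg, hashlib.sha256).digest()


def normalise(text):
    """Drop whitespace and fold case so 'ab c3' matches 'ABC3'."""
    return "".join(text.split()).upper()


def new_challenge(length=6, now=None):
    """Create a challenge; calling it again is the 'refresh' button."""
    now = time.time() if now is None else now
    challenge_id = secrets.token_urlsafe(16)
    answer = "".join(secrets.choice(ALPHABET) for _ in range(length))
    _pending[challenge_id] = (_mac(challenge_id, answer), now + TTL_SECONDS)
    return challenge_id, answer   # the answer goes only to the image renderer


def verify(challenge_id, response, now=None):
    """Check a response once; the challenge is spent whether right or wrong."""
    now = time.time() if now is None else now
    entry = _pending.pop(challenge_id, None)
    if entry is None:
        return False              # unknown or already used
    expected, expiry = entry
    if now > expiry:
        return False
    return hmac.compare_digest(expected, _mac(challenge_id, normalise(response)))
```

Because a wrong answer consumes the challenge, a bot cannot keep guessing against one image, while a human who misreads it simply gets a fresh one.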

The main reason CAPTCHAs can be so tough is necessity. As CAPTCHAs have evolved, so too have attackers. Artificial intelligence (AI) can read even particularly distorted text with an estimated 99 percent accuracy. CAPTCHAs have had to up their game.

Notably, Google has advanced the technology considerably, but we’ll come back to that.

How do programs defeat CAPTCHA? They’re cracked using algorithms that look for particular shapes. These typically convert the text box into grayscale, removing the distortion afforded by color artefacts. They then focus on patterns and cross-match these with standard letters and numbers.

The algorithm effectively makes educated guesses when it comes to any digits that remain unidentified.

CAPTCHAs: What Could Possibly Go Wrong?

There are numerous problems with CAPTCHAs—especially for those with disabilities. It’s particularly true for people with poor eyesight or suffering from dyslexia.

Yes, CAPTCHAs have developed to fight bots more effectively and, in some cases, to get easier for humans. They’ve done so in a few significant ways. The first is through variation of verification. One widely-used example of this is replacing text with photos.

You might be presented with pictures in a grid and have to click on each box displaying road signs. This works so well because programs struggle with computer vision, i.e. they have difficulty understanding the contents of digital images.

Some AI can differentiate and understand what a photo contains. Think about Facebook’s DeepFace technology, which can recognize facial features and suggest profiles. Nonetheless, these types of CAPTCHAs are an extra challenge for bots—an additional hurdle for brute force attacks and their ilk.

Images also work well for those using smartphones and tablets: it’s much easier to tap-select the right squares. That is, as long as those photos load properly!

Another adaptation is audio CAPTCHA, which reads the text for those struggling to make out the digits. These are often accompanied by background sound. This can cause further troubles for spammers using voice-recognition software.

The other important way CAPTCHAs have evolved is through integration with Google, and the introduction of reCAPTCHAs. And no, they’re not quite the same thing…

CAPTCHA and reCAPTCHA: What’s the Difference?

Most CAPTCHAs you see are actually reCAPTCHAs. The latter does the same job as the former, but surpasses this by also furthering machine learning.

What’s more, reCAPTCHAs are used for the digitization of books.

They were developed by the same team from Carnegie Mellon University who gave us the term “CAPTCHA”. The open-source software aimed to “preserve literature by deciphering a word that was not readable by computers”. Effectively, each time you decipher a word found in a reCAPTCHA, it’s used for machine learning. You’re helping the program understand the varying shapes and patterns of symbols.

CAPTCHA is a random combination; reCAPTCHA consists of targeted words that bots haven’t been able to analyze previously.

It was released in 2007 and acquired by Google in 2009. Many consider Google a massive conglomerate that you can’t trust, but reCAPTCHAs have done a lot of good. Just two years after the acquisition, the technology had entirely digitized the archives of Google Books and The New York Times. Both are invaluable repositories of information.

It’s ironic that technology can now understand text effectively, making reCAPTCHAs redundant. That’s why Google has pushed the idea further.

Ever wonder what happens when you click on “I’m not a robot” and proceed straight away, without deciphering anything? Google’s new reCAPTCHA analyzes your activity across the whole site then secretly assigns you a probability score to determine whether you’re human or a bot.

Essentially, it’s worked out whether your interactions with the service are more indicative of a real person or a program.
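A site that receives such a score still has to turn it into a decision on its own server. The sketch below is an added example, not code from the article or from Google; the field names follow the reCAPTCHA v3 verification response, while the hostname, thresholds, token age limit and sample response are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed site policy for this sketch; tune per form and traffic.
EXPECTED_HOSTNAME = "shop.example"        # placeholder hostname
ALLOW_AT_OR_ABOVE = 0.7
CHALLENGE_AT_OR_ABOVE = 0.3
MAX_TOKEN_AGE = timedelta(minutes=2)


def decide(verdict, expected_action, now):
    """Map a verification response to 'allow', 'challenge' or 'block'."""
    # A failed or malformed verification is never trusted.
    if verdict.get("success") is not True:
        return "block"
    score = verdict.get("score")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return "block"
    # The token must belong to this site and this form, so a score
    # earned on one page cannot be presented on another.
    if verdict.get("hostname") != EXPECTED_HOSTNAME:
        return "block"
    if verdict.get("action") != expected_action:
        return "block"
    # Reject stale or future-dated tokens so an old good score is not reused.
    try:
        stamp = verdict["challenge_ts"].replace("Z", "+00:00")
        issued = datetime.fromisoformat(stamp)
    except (KeyError, AttributeError, TypeError, ValueError):
        return "block"
    if issued.tzinfo is None:
        issued = issued.replace(tzinfo=timezone.utc)
    if not timedelta(0) <= now - issued <= MAX_TOKEN_AGE:
        return "block"
    if score >= ALLOW_AT_OR_ABOVE:
        return "allow"
    if score >= CHALLENGE_AT_OR_ABOVE:
        return "challenge"                # fall back to a visible test
    return "block"


# Constructed sample response and clock, for illustration only.
NOW = datetime(2024, 1, 1, 12, 0, 30, tzinfo=timezone.utc)
SAMPLE = {"success": True, "score": 0.9, "action": "login",
          "challenge_ts": "2024-01-01T12:00:00Z", "hostname": "shop.example"}
```

The middle band matters: a borderline score leads to a visible challenge rather than a silent block, so a misjudged human still has a way through.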

Easy on Humans, Hard on Bots?

As bots become more intelligent, security systems have to advance too. ReCAPTCHA is a solid enough idea. For now.

But many question the power held by Google. Artificial intelligence can recognize human behavior. Factor in all the things Google already knows about you and that’s certainly a cause for concern.
