You may not know what CAPTCHA is, but you’ve certainly used it many times before. That distorted text that needs to be retyped before you can submit a form on a website? That is CAPTCHA in action.
CAPTCHA is actually a very important tool for protecting websites against bots and automated hacking tools. Malicious apps are very good at completing forms automatically, but not so good at decoding the text hidden in images. And it was this principle that led to the creation of CAPTCHA tests in the first place.
Are you a human?
Bots have been a major problem for website owners for many years. To help separate real people from bots, technologists invented the Completely Automated Public Turing Test to tell Computers and Humans Apart – CAPTCHA. Humans can read the text hidden in the pictures, computers cannot.
Recently the CAPTCHA test has changed somewhat. Now you are presented with nine small pictures and you must click all that match a specific instruction; all the pictures that contain a storefront for instance. The basic principle remains the same though – bots cannot accurately analyse the picture, so they cannot fool the system.
Computers can pass the test
The problem is that computers are getting smarter. Artificial Intelligence and machine learning technologies means that bots can teach themselves how to analyse images and identify the letters hidden in them. They can even accurately identify elements in images, allowing them to circumvent newer CAPTCHA systems.
Unfortunately, this means that CAPTCHA no longer offers protection against bots. It also means that websites still using CAPTCHA are at risk of hacking.
Web technology specialists are looking at other ways of detecting whether you are human or not. One solution proposed by Amazon is the use of a test that humans will fail – like counting how many times the letter ‘e’ appears in a long sentence. Bots will not fail these tests – but people often will.
Google have developed another alternative they call ‘Invisible reCaptcha’. The system uses AI to detect how you interact with the webpage, tracking mouse movements and click times for instance. Because a bot does not make these “human” motions, the system can identify and block them – without you even knowing that it is there.
We need a working replacement
By keeping bots away from their websites, site operators ensure that their mailing lists are accurate, competitions are not cheated, goods and tickets are not sold to illegal touts and re-sellers, and that your data is not stolen. So a working CAPTCHA system is actually benefits you too.
If a suitable CAPTCHA replacement cannot be identified, it may be that website owners are forced to use an alternative system that verifies identities. Social logins – like Facebook and Google – are a useful option, but they can also be exploited by bots.
It may be that the fight against bots becomes a race between Artificial Intelligence systems; the good guy site operators battling hackers with ever smarter computer systems that can train themselves to spot a human. Ironically, we can expect to see less human input into the decision making process in future.