You may not know what CAPTCHA is, but you’ve certainly used it many times before. That distorted text that needs to be retyped before you can submit a form on a website? That is CAPTCHA in action.
CAPTCHA is actually a very important tool for protecting websites against bots and automated hacking tools. Malicious apps are very good at completing forms automatically, but not so good at decoding the text hidden in images. And it was this principle that led to the creation of CAPTCHA tests in the first place.
Are you a human?
Bots have been a major problem for website owners for many years. To help separate real people from bots, technologists invented the Completely Automated Public Turing Test to tell Computers and Humans Apart – CAPTCHA. Humans can read the text hidden in the pictures, computers cannot.
Recently the CAPTCHA test has changed somewhat. Now you are presented with nine small pictures and you must click all that match a specific instruction; all the pictures that contain a storefront for instance. The basic principle remains the same though – bots cannot accurately analyse the picture, so they cannot fool the system.
Computers can pass the test
The problem is that computers are getting smarter. Artificial Intelligence and machine learning technologies means that bots can teach themselves how to analyse images and identify the letters hidden in them. They can even accurately identify elements in images, allowing them to circumvent newer CAPTCHA systems.
What next?
Unfortunately, this means that CAPTCHA no longer offers protection against bots. It also means that websites still using CAPTCHA are at risk of hacking.
Web technology specialists are looking at other ways of detecting whether you are human or not. One solution proposed by Amazon is the use of a test that humans will fail – like counting how many times the letter ‘e’ appears in a long sentence. Bots will not fail these tests – but people often will.
Google have developed another alternative they call ‘Invisible reCaptcha’. The system uses AI to detect how you interact with the webpage, tracking mouse movements and click times for instance. Because a bot does not make these “human” motions, the system can identify and block them – without you even knowing that it is there.
We need a working replacement
By keeping bots away from their websites, site operators ensure that their mailing lists are accurate, competitions are not cheated, goods and tickets are not sold to illegal touts and re-sellers, and that your data is not stolen. So a working CAPTCHA system is actually benefits you too.
If a suitable CAPTCHA replacement cannot be identified, it may be that website owners are forced to use an alternative system that verifies identities. Social logins – like Facebook and Google – are a useful option, but they can also be exploited by bots.
It may be that the fight against bots becomes a race between Artificial Intelligence systems; the good guy site operators battling hackers with ever smarter computer systems that can train themselves to spot a human. Ironically, we can expect to see less human input into the decision making process in future.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
Panda Free Antivitus
FREE TECHNICAL SUPPORT
7 comments
CAPTCHA with nine small pictures is an abomination. E.g., we’re expected to distinguish “street signs” (a category that’s undefined to users) from other signs, even when the signs are in a language we don’t understand with an alphabet we can’t decipher; this is a test that a computer can pass far better than a human! Also, we aren’t told whether to click on or ignore a square containing only a small piece of the desired object.
I also think that captcha is dead and thanks for the article.
Thanks for reading us!
Kind regards,
Panda Security.
Well, well, how about Indian companies for Captcha solving?
Welcher Betrug steht da dahinter? Ich hatte Panda Gold installiert für 2 Jahre für meinen PC.
ohne mich z fragen wurde dieses Antivirus Programm unaktiviert. Dann habe ich Panda Dome gekauft und wollte neu installieren. das ist nun 20 Stunden durchgelaufen mit dem Fester mit dem drehendem Kreis. Es bleibt mir nicht anderes übrig als mit Panda Gold nochmal installieren und aktivieren. Ich habe Windows 10
Hallo Josef,
Bei technischen Problemen wenden Sie sich bitte an den technischen Support unter: https://www.pandasecurity.com/support/#homeusers
Mit freundlichen Grüßen,
Panda Security.
for every security, captcha is very important and sometimes it cants found. It is a dying day to day. I can’t understand how it really works?