If you have ever had to change an online password, or even sign up for an account, you have probably encountered a CAPTCHA at least once in your life. If not, then consider yourself lucky.
CAPTCHA is an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart. Essentially, it is a way for a website to weed out automated attempts to access information, such as hacker using a robot, or bot, to access target’s account and change the password, or create multiple dummy accounts that can bog down the server.
The rationale behind the CAPTCHA is that a machine won’t be able to easily distinguish the letter and symbol combinations, which is why they often look like they were created by a drunken typesetter with a magnet poetry set and questionable spelling skills. Some have an audio option, but those are often as difficult to understand as the written words.
Unfortunately, those CAPTCHAs are also confusing to actual humans. As a result, a process that was designed to make our lives easier, and safer, has become a source of stress and frustration. The truth is that there are other ways to tell humans from machines, which don’t involve the humans rolling their eyes and trying to figure out if that letter is a lower-case “R” or some obscure Norse rune.
Created by Confident Technologies and other companies, image-based CAPTCHAS ask users to identify a picture instead of deciphering illegible text. The rationale is that it’s easier on the user, while still making it difficult for a machine, so that there’s less likelihood of someone typing the wrong thing and locking their account… or accidentally summoning an elder god.
Created by SwipeAds, and other companies, game-based CAPTCHAs require users to complete a simple and fun task before proceeding. Like the image-based CAPTCHAs, the game CAPTCHAs will still make it difficult for bots to get through, while making security easier, and even fun, for humans. The games only last a few seconds, so users are not likely to get sucked in.
Text message verification has been around for a long time, and it is probably one of the most reliable verification methods. Essentially, the website texts you a verification code that you need to enter before you can proceed.
Text verifications can also be extended to telephone callbacks, where a human has to answer the phone and press a requested key. While it might seem like a hassle, it’s actually much faster than trying to figure out the text CAPTCHA. However, you have to make sure that you have your phone nearby when accessing the site.
Email verification is another option, but it’s not used as often because of how easy it could be to create a fake email address.
Some websites simply gauge how long it takes the user to complete a task. For example, a bot can post multiple comments to a blog much faster than a human; so if a poster submits multiple messages seconds apart, the system will show a pop-up message saying they have posted too much, in too short a time, and that they need to chill for a minute. If it continues, the system might even lock them out. Timing tricks can sometimes mistakenly identify people as machines, like when someone accidentally double-clicks on the “submit” button, but they usually also allow people to make more than one mistake before locking them out.
The Honey Pot
In spy terminology, a “honey pot” is a trap that is set by luring the victim into a sexual situation. In computer terms it’s not quite as titillating. Essentially it is a trap that involves luring a machine into doing something that a human would, or should, not. For example, some web forms have a field that the user is instructed to leave blank. A human should read those instructions and not put anything in the field. A machine would fill out the field anyway, causing the system to reject the web form.
Featured image credit: CAPTCHAs/ShutterStock