CAPTCHA is a popular protection against spam and bots

What is Captcha and how does it work?

CAPTCHA is a popular security mechanism that is often used to protect against spam on websites. Almost everyone has had to deal with such verification.

CAPTCHA codes come in many different functions and designs – but the bottom line always remains the same: the goal is to keep spam out as much as possible. And this still works well. We explain what the technology is all about.

What does CAPTCHA mean?

CAPTCHA is short for the term “Completely Automated Public Turing test to tell computers and humans apart”. The technology reliably distinguishes between humans and computers – and can therefore be ideally used to protect against spam.

The implementation of the technology is very simple: Bots, for example, are blocked out with images, arithmetic tasks or distorted representations, while normal users can usually solve the logical tasks easily.

What is CAPTCHA used for?

In most cases, CAPTCHA codes are used whenever information needs to be confirmed. A classic example here would be online forms for contact requests. Such an implementation prevents simple-minded spambots from filling out and submitting the same form over and over again.

Regardless of whether it’s used for newsletter registration, making digital purchases (e.g. ticketing), requesting a quote or sending messages on social networks – verification by CAPTCHA is widespread today.

However, using a CAPTCHA code does not guarantee that unwanted spam is filtered out one hundred percent. Some sneaky programs can overcome even this hurdle. Moreover, CAPTCHA has a reputation for worsening the user experience for normal users and is considered annoying.

What types of CAPTCHA are there?

CAPTCHA can be used in many different ways on the web. In the end, all versions always serve the same purpose: to keep bots or spam away from websites. Even though some variants are more popular than others, you will certainly have come into contact with the majority of the different implementation options.

Text-based CAPTCHAs

The most famous and widely used classic CAPTCHA is text-based and works exactly as simply as it sounds: the system generates a random sequence of numbers and letters that is displayed slightly distorted.

The distortion of the display is particularly important so that automatic recognition does not have an easy time. Therefore, even normal users have to make some effort with some codes in order to correctly recognize the answer.

Calculation-based CAPTCHAs

Calculation-based spam protection is often found in forms: the user is given a simple math task that adds number A and number B or subtracts one from the other. The big advantage here is that such a task can be spoken aloud thanks to the read-aloud function (= screen reader).

With the help of the calculation, the human user can easily get the solution, while many spam programs fail at this.
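One way to handle such a calculation task on the server, as an added example that is not from the original article: the expected answer never leaves the server, each challenge expires, and it is consumed on the first attempt so it cannot be replayed. The names `issue_challenge`, `verify`, `PENDING` and the 120-second lifetime are assumptions chosen for illustration.

```python
import secrets
import time

TTL_SECONDS = 120   # assumption: how long a challenge stays valid
PENDING = {}        # challenge_id -> (answer, expires_at); in-memory store for the example


def issue_challenge(now=None):
    """Create a challenge. Only the opaque id and the question go to the client."""
    now = time.time() if now is None else now
    a, b = secrets.randbelow(9) + 1, secrets.randbelow(9) + 1
    if secrets.randbelow(2):
        question, answer = f"{a} + {b}", a + b
    else:
        a, b = max(a, b), min(a, b)           # keep the result non-negative
        question, answer = f"{a} - {b}", a - b
    challenge_id = secrets.token_urlsafe(16)  # unguessable, carries no answer
    PENDING[challenge_id] = (answer, now + TTL_SECONDS)
    return challenge_id, question


def verify(challenge_id, submitted, now=None):
    """Check a submitted answer. A challenge is consumed on first use, right or wrong."""
    now = time.time() if now is None else now
    entry = PENDING.pop(challenge_id, None)   # pop: one attempt only, no replay
    if entry is None:
        return False                          # unknown, already used, or made-up id
    answer, expires_at = entry
    if now > expires_at:
        return False                          # solved too late
    try:
        return int(str(submitted).strip()) == answer
    except ValueError:
        return False                          # non-numeric input


def purge_expired(now=None):
    """Drop challenges that were issued but never answered; returns how many."""
    now = time.time() if now is None else now
    stale = [cid for cid, (_, exp) in PENDING.items() if now > exp]
    for cid in stale:
        del PENDING[cid]
    return len(stale)
```

In a real deployment the store would be a session or a shared cache rather than a module-level dictionary, and `purge_expired` would run periodically.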

Image-based CAPTCHAs

Image-based CAPTCHA codes are being encountered more and more frequently. Here, nine randomly generated images are usually displayed on an image interface and the user has to click on all the cars or trees displayed there, for example.

The other images display a different motif that is not related to the correct solution. This type of CAPTCHA is considered particularly secure, since bots have great problems solving the task correctly.

Logic-based CAPTCHAs

Logic-based CAPTCHAs are used when the process is particularly straightforward: the user is presented with four randomly generated icons and has to click on the requested icon (e.g. select the “house” icon).

This version is particularly popular with users because it is uncomplicated and easy to use – however, this technique does not provide the protection that the image variant does, for example.

Audio-based CAPTCHAs

Audio-based CAPTCHAs are often used as a supportive variant for people with visual impairments. In many of these cases, the visual CAPTCHA can be swapped for the audio-based version with the click of a button.

After this swap, a sequence of numbers is read aloud in an understandable manner, which the user must enter in the appropriate field to complete their action and thus successfully pass the protection mechanism.

Game-based CAPTCHAs

The technique based on a mini-game is still quite new on the market and therefore not too widespread – nevertheless, this option is becoming increasingly popular. The user has to solve the CAPTCHA with the help of a small game, for example by playing memory or dragging and dropping an apple onto the displayed interactive knife.

Google’s reCAPTCHA

Even Google has launched its own CAPTCHA tool to protect websites from spambots. The highlight here is that this process works differently than the previously mentioned alternatives.

Here, the system checks the user in the background for IP addresses, cookies or other potential anomalies and then decides whether or not to display a CAPTCHA code to the visitor. Also different: If the Google solution decides to display a code to the user, the user only has to check the box. No further actions are required.

Important additional information: There are many question marks around the topic of reCAPTCHA in combination with the European Data Protection Regulation, and the use of the service is not entirely in line with the strict GDPR.

CAPTCHA alternative: Whitelisting/Bot Management

So-called Bot Management can be the answer to keeping spam and bots out. Here, care should be taken to ensure that the bot solution does not rely on labor-intensive blacklisting, but works with the help of whitelisting.

The whitelisting approach combines artificial intelligence with machine learning to detect and block bots completely automatically in real time.

The desired traffic can pass through the protection barrier and creates a completely normal user experience. Such deployed technology either eliminates the need for CAPTCHAs altogether or is at least the ideal additional safeguard to avoid taking any risks.

Conclusion: CAPTCHAs still make sense – with some limitations

There is a reason why CAPTCHAs are now found on so many websites. The technology has stood the test of time and still provides some basic protection against spam and bots.

However, as harmful software becomes more intelligent, CAPTCHA technology must continue to evolve in order to remain a useful addition to one’s website offerings in the future. At the same time, companies should also include effective bot management in their internal strategy to fully protect themselves from malicious bots.

While a pure CAPTCHA solution offers some basic protection, the use of professional security technology guarantees significantly greater protection against malicious bots and superfluous spam.
