k_Street Consulting, LLC Blog
CAPTCHA and Its Many Challenges
We’re all familiar to some degree with the security measure known as CAPTCHA. You know the one—you usually see it when filling out forms or logging into sites online, where you have to prove that you’re a human being by identifying which of a variety of images fit a certain description. You may have noticed that these tests have gotten far more difficult over time. This is because, predictably, computers are getting better at beating them.
Let’s discuss what this signifies, and how this may shape how users authenticate themselves in the future.
Defining CAPTCHA
Short for Completely Automated Public Turing Test to tell Computers and Humans Apart, CAPTCHA has long been the standard tool used by Google to prevent automated spam from polluting the Internet by requiring (in theory) a human being to interact with content in some way before allowing access or a task to successfully be completed.
Back in the early 2000s, CAPTCHA was effective against spambots, being able to bamboozle them by simply requiring images of text to be identified.
The Growing Issues with CAPTCHA
However, once Google gained ownership of CAPTCHA and used it to help digitize Google Books, the text needed to be increasingly distorted to continue to fool optical character recognition. Adding to this was the fact that human beings solving these CAPTCHAs gave optical character recognition the information needed to improve its skills.
This is the downside to CAPTCHA that its creators foresaw from the beginning: at some point, machines would ultimately overtake human capabilities when it came to identifying these images. Furthermore, these tests also need to be universally applicable, working wherever someone is located despite any cultural biases and differences that a user might have.
Since then, CAPTCHA has been replaced by NoCAPTCHA ReCAPTCHA (the one where your user behavior is used to judge your humanity) in 94 percent of websites that use CAPTCHA. Further research and development is in progress to reinforce the security of these tools.
However, automated bots can already bypass CAPTCHA more effectively than most humans can. In fact, in 2014, a machine learning algorithm was made to compete with users to solve distorted text CAPTCHAs and managed to bypass the security measure 99.8 percent of the time, as compared to the humans’ 33 percent. There are also various CAPTCHA-solving programs and services available for use that can effectively access vast amounts of pages for little cost.
What is Being Done to Resecure CAPTCHA
There are many different approaches under consideration to improve the practical efficacy of CAPTCHA—making it simpler for human beings and more difficult for machines as originally intended. To accomplish this, a few different tactics have been explored, some more plausible than others:
- Rather than identifying text or images, users would be asked to classify images of faces, based on expression, gender, and ethnicity (probably not the best option, in today’s contentious environment).
- CAPTCHAs based on trivia and regionalized nursery rhymes, with these culturally based questions designed to overcome bots and overseas hackers alike.
- Image identification that uses cartoons, hidden-image illusions, and other relatively subjective content to outfox automated CAPTCHA-cracking tools.
- CAPTCHA tools that test users by having them perform basic game-like tasks, with instructions given in symbols or contextual hints.
- Device cameras and augmented reality being used as a form of physical authentication.
Finally, a lot of consideration is being put to authentication measures that examine a user’s online behaviors and actions to determine whether there’s a real human being at the controls, or if a clever piece of software is trying to gain access—whether the mouse moves, for instance, or how precise it is as it does. Google itself is starting to examine traffic patterns to test “users” on a case-by-case basis.
There’s even a chance that these kinds of Turing tests will only be passable in the future by selecting an incorrect answer.
Regardless of how, it is only going to become more important to secure your accounts and the information they contain as time passes. k_Street Consulting, LLC is here to help you secure your business and its data. Learn more about how we can protect your business with the right IT solutions by calling (202) 640-2737 today.
Comments