What Is A CAPTCHA?

Date First Published: 23rd May 2023

Topic: Cybersecurity

Subtopic: Security Mechanisms & Technologies

Article Type: Computer Terms & Definitions

Difficulty Level: 5/10

Learn more about what a CAPTCHA is in this article.

Stands for Completely Automated Public Turing Test To Tell Computers And Humans Apart. A CAPTCHA is a security feature designed to prevent spam or abuse from automated bots by requiring that users take a simple test to verify that they are a human. It is most commonly used in web forms and contains tests that are impossible for most automated programs to recognise.

Web forms often have CAPTCHAs in place as protection against bots. However, a CAPTCHA test may be automatically triggered by user behaviour resembling bot behaviour, like if users request webpages at an unusually fast rate, click through hyperlinks very quickly, have JavaScript disabled, or if they block all cookies. Users may have to complete a CAPTCHA to continue browsing the website.

Importance Of CAPTCHAs

Although CAPTCHAs can be a small annoyance to visitors, they only take around 10 seconds for most visitors to complete and save website owners a lot of hassle by preventing bots from spamming and overloading the server with repeated requests.

Bots often crawl the internet and search for forms to fill in to generate spam comments, sign up for spam accounts, guess passwords by repeatedly trying to log in, scrape email addresses, and even order products with invalid details on shopping websites, which can cause the seller to waste money on delivering products to no one. Even though CAPTCHAs do not 100% guarantee no automated bot activity as advanced bots find ways to bypass them, they provide a good layer of protection against this.

Examples Of CAPTCHA Tests

Below are 11 examples of CAPTCHA tests:

• Word-based CAPTCHA - This asks users to enter the text from a distorted word image. The text in the image may be wavy or have lines through it to make it unrecognisable by an automated bot.
• Audio-based CAPTCHA - This is where a user listens to a word and types what they have heard. This is an alternative option to word or image identification for users that have difficulty visually identifying the word or image.
• Picture-based CAPTCHA - This asks the user to select the correct image they are asked to identify. For example, multiple images may show up and it may ask to select the picture of the clouds.
• Basic maths problems. This provides users with easy-to-solve maths problems, like '2 + 5' and the user must enter the correct answer to complete the CAPTCHA. Whilst these types of CAPTCHAs are quicker, they can be solved by advanced bots.
• 3D captchas. These types of CAPTCHAs are known as super captchas as they consist of multiple 3D images with both images and words.
• Honeypot field. This is an extra field added to a web form that is not visible to users due to CSS or JavaScript. However, when a bot fills out a form, it fills out every input field, including the hidden honeypot field, but ignores the CSS or JavaScript code. If the honeypot field is empty, the form will be submitted. If the anti-spam honeypot field contains data, that is a way of detecting bots.
• Alternative account sign-in. Instead of users creating their own usernames and passwords, the website owner allows them to use their Google or Facebook account to sign in. Since bots do not have social media accounts, this will prevent them from making automated registrations. The disadvantage of this method is that not all users are comfortable with giving their account permissions to new sites.
• Time-based CAPTCHA. This type of CAPTCHA records the amount of time it takes for someone to fill out a form. Since bots usually fill out forms very quickly and real human users take some time to fill them out, if the user entered the required information very quickly, it would be able to detect a bot.
• Confident CAPTCHA - With this type of CAPTCHA, the user is asked to select matching items based on the question. For example, they may be asked to select all images containing cars.
• Biometric CAPTCHA - This type of CAPTCHA is more secure and advanced, since it relies on the user's physical characteristics, like fingerprints, face, or voice to confirm that the user is legitimate. It is mostly used on mobile devices.
• Press and hold CAPTCHA - More sites have been using this type of CAPTCHA, often when users request pages at an unusually fast rate. This type of CAPTCHA requires users to click the checkbox and hold it for around 10 seconds.

What Is ReCAPTCHA?

ReCAPTCHA is a free CAPTCHA service provided by Google that helps protect websites against spam and abuse from automated bots. Anyone can add ReCAPTCHA to their website. Google has extended the functionality of ReCAPTCHA tests to include image recognition, tickboxes, and a general user behaviour assessment, which doesn't require any user interaction.

Some ReCAPTCHA tests ask the user to tick a box next to the statement "I'm not a robot". The test analyses the movement of the user's cursor as it approaches the tickbox. It can tell whether the cursor is coming from a human or not by analysing whether it has some randomness that bots cannot mimic.

If the movement of the cursor contains some tiny, random movements, then the test decides that the user is likely to be legitimate. If it cannot determine whether the user is a human or not, it will display a challenge, like an image recognition test. Most of the time, ReCAPTCHA can determine whether the user is a bot or not without giving them a challenge to complete.

Comments