More like this

Security

Google kills CAPTCHAs: Are we human or are we spammer?

Do you make up these questions, Mr Wonka?

Barbed wire against a clear blue sky

Google has developed a new CAPTCHA-like system to allow people, and not automated software, into websites with only a single click.

The "No CAPTCHA reCAPTCHA" offers a tick box for humans to check rather than distorted text to decipher. It's designed so that automated spam software is still fooled by it and gets stuck on the page, whereas humans can tick a box and continue through.

Youtube Video

CAPTCHAs1 in all their various forms have been a feature of the web for years. The technology is designed to protect websites from spam and abuse by attempting to weed out genuine visitors from robots and abusive scripts.

Users have typically been obliged to confirm they aren't robots by reading distorted text and typing it into a box.

As well as being something of a nuisance, this approach is proving increasingly ineffective, as Google itself now recognises. "CAPTCHAs have long relied on the inability of robots to solve distorted text," explains Vinay Shet, product manager of reCAPTCHA at Google in a blog post.

"However, our research recently showed that today’s artificial intelligence technology can solve even the most difficult variant of distorted text at 99.8 per cent accuracy. Thus distorted text, on its own, is no longer a dependable test," said Shet.

Google's response to this challenge has been to develop a No CAPTCHA reCAPTCHA API. On websites using this new API, many users will be able to securely verify they’re human without actually having to solve a CAPTCHA. Instead, with just a single click, they’ll confirm they are not a robot, by matching images of cats or other animals from a selection of possible choices.

Various alternatives to traditional wiggly-word CAPTCHAs have been proposed over the years. What Google is doing is not really technically innovative but nonetheless significant because the challenge technology is so widely used.

Many weird and wonderful alternatives to the unloved mangled-text CAPTCHA have been tried, ranging from videos and "games" to calculus-based CAPTCHAs. Google's reCAPTCHA at least serves some useful purpose in helping to digitize books.

The chocolate factory's revamped reCAPTCHA enables less reliance on typing distorted text which, in turn, allows Google and its many website partners to offer a better experience for users.

Traditional text-based challenges aren't going away entirely but will eventually only be used as a backup in cases where evidence from the new CAPTCHA isn't clear (rather than the default option).

The new image labelling-based CAPTCHA has the added bonus of being mobile-friendly, as it's much easier to tap photos of cats or turkeys than to type a line of distorted text on your phone.

Many websites - including Snapchat, WordPress and Humble Bundle - have already adopted the new No CAPTCHA reCAPTCHAs. Given Google's reach the approach is likely to be widely adopted by many thousands of websites over the coming months. ®

Bootnote

1CAPTCHA = Completely Automated Public Turing test to tell Computers and Humans Apart

Sponsored: 2016 Cyberthreat defense report