Use (abuse) and limits of captcha

In technology circles it is not uncommon to hear about the upcoming evolution of captcha, in other words the tests which allow computer systems to establish whether the keyboard is actually being used by a human being or a bot. The acronym stands for ‘completely automated public Turing test to tell computers and humans apart’ and these tests are mainly used to prevent the decryption of passwords and the gathering of data for the purpose of spam. Their content is difficult for computers to identify, due to the presence of objects which overlap those to be recognised (so-called background noise).

With audio versions available for the visually impaired, these systems have often met with criticism due to the degree of difficulty in recognising the characters to be inserted. This has led to the development of different versions of the test, such as the reCAPTCHA, which is characterised by the requirement to recognise images with specific features (eg the presence of street maps).

The difficulties involved in deciphering the alphanumerical codes have been widely reported, which is why the No CAPTCHA reCAPTCHA has been developed, a test capable of recognising bots in a much simpler and quicker way. It has evolved from the old tests and is designed to allow the technology to be able to identify even the most complex bots.

In fact, all users need to do is insert the phrase ‘I am not a robot’ into the appropriate field. This is a very simple procedure but it allows the program to acquire various information about the operating system, the device’s IP address, cookies and even the movement of the mouse and the time taken by the user.

In cases where it is difficult to distinguish between a person and a bot, the system launches a second test, carried out in exactly the same way as before when the only form of captcha consisted of recognising the characters displayed at a strange slanted angle.

The invisible reCAPTCHA

Time is a crucial factor for users who browse the web and use its services. For this reason and with the specific aim of avoiding frustrating repetitions of the original required task, the invisible reCAPTCHA has been developed, which enables it to be established whether there is a bot or a human at the keyboard, without the need for any visible intervention.

This objective is achieved by combining a series of algorithms and the use of Artificial Intelligence, instruments which make it possible to detect parameters such as the movement of the mouse and the IP address, with a precision which was not previously attainable. The aim is to analyse whether the behaviour of the user shows matches the criteria of human behaviour. In such cases, authentication happens automatically and, as the name of the test suggests, invisibly.

How to avoid the abuse of Captcha

There are several simple methods that can be implemented when creating a site in order to avoid Captcha being abused. First of all, it is essential that the disambiguation mechanism is straightforward for all users. Another important measure involves making provision for users with a visual or auditory impairment. The language must also be considered and should be the same as that of the website’s intended target audience.

In order to remove any glitches, it is a good idea to carry out some dry runs with colleagues before launching the website online. It is important to note that, if using CMS, you can use high quality plugins which allow a Captcha to be easily added.

Translated by Joanne Beckwith