Captcha

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a test often used on the web to stop automated registrations and scripts submitting form data (e.g. blog comments or online polls). This is usually achieved by showing the user a string of distorted letters and numbers as an image and requiring the user to enter the string correctly.

There are two problems with this method. The first is accessibility: blind people and people with visual impairments cannot see the image, or will struggle to read it, and so cannot continue with the process. This can usually be solved with an audio CAPTCHA, or by giving the user a way to contact a support team who can activate the registration manually. The second is that many implementations have been broken: scripts exist that read the CAPTCHA image and produce the solution automatically.

The best implementation, as recommended by the creators of CAPTCHA, is reCAPTCHA. It takes words from scanned books and shows the user two of them: one that the scanning software has already recognised and one that it could not. If the user gets the known word right, the user is taken to be human and their reading of the unknown word is provisionally accepted; to be sure, the same unknown word is also shown to other users and the answers are checked against each other. The agreed solutions are then used to digitise old books, filling in the words that automated recognition software could not read. Because reCAPTCHA is a central service, the script or the test itself can be updated if a bot is ever created that can read the current reCAPTCHA challenges. (This describes the original, text-based reCAPTCHA.)

If reCAPTCHA is not used, there is a list of guidelines that a CAPTCHA should follow; if they are not followed, either the user will have difficulty reading the text or a bot will be able to pass the test:

  • The CAPTCHA needs to be accessible, for example by providing an audio CAPTCHA for those who are blind or struggle to read the text.

  • The image should be distorted enough that bots cannot read the text. Many implementations of CAPTCHA suffer from this problem.

  • The script that checks the answer must itself be secure. Examples of this guideline not being met include passing the solution to the browser in plain text (for example in a hidden form field or a cookie), and allowing the same solution to be used more than once.

  • Most tests are not secure if used widely (for example a maths test such as “What is 1 + 1?”), since the people who create bots will soon write code that passes these kinds of test once enough sites use them.
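A minimal server-side check that follows the third guideline above, written here as an added example rather than code from the original page. It assumes a hypothetical in-memory challenge store (`_CHALLENGES`), a five-minute challenge lifetime and the function names `new_challenge`, `verify` and `purge_expired`; rendering the distorted image is left out. The answer never leaves the server, each token is accepted at most once, and the comparison is constant-time:

```python
import hmac
import secrets
import time

# Added example, not code from the original page. The challenge store is a
# hypothetical in-memory dict; a real deployment would keep it in the
# server-side session or a shared cache so that every web node sees it.
_CHALLENGES = {}  # token -> (answer, expires_at)

CHALLENGE_TTL = 300  # seconds a challenge stays valid
# Characters that stay distinguishable after distortion (no 0/O, 1/I/L).
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"


def new_challenge(length=6, now=None):
    """Create a challenge and return (token, answer).

    Only the token and the rendered image leave the server. The answer is
    kept here, so it is never passed to the browser in plain text (a hidden
    form field or a cookie holding the answer is the classic mistake).
    """
    now = time.time() if now is None else now
    answer = "".join(secrets.choice(ALPHABET) for _ in range(length))
    token = secrets.token_urlsafe(32)
    _CHALLENGES[token] = (answer, now + CHALLENGE_TTL)
    return token, answer


def verify(token, submitted, now=None):
    """Return True at most once per token.

    The token is consumed on the first attempt whether or not the answer
    is right, so a correct solution cannot be replayed and a wrong one
    cannot be retried against the same image.
    """
    now = time.time() if now is None else now
    entry = _CHALLENGES.pop(token, None)  # single use: remove before checking
    if entry is None:
        return False  # unknown, forged or already-used token
    answer, expires_at = entry
    if now > expires_at:
        return False  # stale challenge; the image may have been harvested
    guess = submitted.strip().upper()
    if not guess.isascii():
        return False  # compare_digest needs ASCII str operands
    # Constant-time comparison so the check does not leak the answer by timing.
    return hmac.compare_digest(answer, guess)


def purge_expired(now=None):
    """Drop expired challenges so abandoned forms do not grow the store forever."""
    now = time.time() if now is None else now
    stale = [t for t, (_, exp) in _CHALLENGES.items() if now > exp]
    for t in stale:
        del _CHALLENGES[t]
    return len(stale)


if __name__ == "__main__":
    token, answer = new_challenge()
    # In a real app: render `answer` as a distorted image, put `token` in a
    # hidden field, and call verify(token, form["captcha"]) on submit.
    print("first attempt :", verify(token, answer))   # True
    print("replay attempt:", verify(token, answer))   # False
```

The important design choice is that `verify` removes the token before it looks at the answer: a failed guess burns the challenge, so an attacker who harvested one image cannot keep submitting guesses against it, and a correct answer cannot be replayed to submit a second form. The `now` parameter exists only so that expiry can be exercised deterministically.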

