How Does CAPTCHA Work?

We’ve all had to confirm we’re not a computer when attempting to log into an account. This is the core purpose of what once was called CAPTCHA… the Completely Automated Public Turing test to tell Computers and Humans Apart. However, it seems surprising that computers don’t easily overcome these simple-seeming tests.

Let’s dig into why these simple tests actually are effective at differentiating between human users and automated bots.

Authentication Was Once Far from Perfect

You may remember the CAPTCHA tests of the past, where they were random sequences of distorted alphanumeric symbols. While this approach was once effective, advancements in technology ultimately switched the paradigm. Instead of humans being able to interpret the symbols that baffled computers, computers were able to identify codes that human beings had little hope of transcribing… particularly those with conditions that impacted their vision.

Making matters worse, spammers began outsourcing, paying workers 30 US cents for each 1000 CAPTCHAs they deciphered.

A Pioneer of CAPTCHA Also Invented reCAPTCHA

A Guatemalan native, Luis von Ahn studied at Duke and Carnegie Mellon University, after which he joined the latter’s School of Computer Science as a faculty member. Not only was he one of the initial creators of CAPTCHA in 2003, but he also spearheaded the development of reCAPTCHA in 2007 before selling it to Google in 2009. After this accomplishment, he cofounded Duolingo, the world’s largest online language-learning platform.

How Does reCAPTCHA Work?

You’re likely quite familiar with the reCAPTCHA box’s circular arrow logo and simple “I’m not a robot” prompt. This test seems to be the simplest yet… all you have to do is check the box next to the prompt to confirm your humanity.

This test works by assuming that a human won’t be perfect, especially not compared to a computer asked to do the same thing.

For instance, let’s imagine that this page had a reCAPTCHA prompt on it. You’d have to move your cursor over to the reCAPTCHA field and check the box, as would a bot. However, if we were to compare your cursor movement to the bot’s, yours would be wobbly and imperfect, all at varying speeds, while the computer-controlled cursor would be precise and accurate, moving at a constant and consistent speed.

Make no mistake, the system may give you a more traditional CAPTCHA test if it is unsure based on your prior performance, but even that seems to be more of a mouse-tracking tool than a competency test… after all, even if you miss highlighting one of the squares with a roadway, it often passes human users.

These reCAPTCHAs also take the user’s browsing history into account, as this is one of the clearest ways to identify a human being amongst billions of bots.

Think about all the inane or trivial things you’ve Googled. A bot isn’t going to search for that, but someone legitimately using the search platform likely will have. This is one of the benefits of Google knowing what you do online. Lately, reCAPTCHAs have popped up that are completely automatic, relying solely on tracking information.

To Err is Human… So It’s Okay to Make a Mistake in reCAPTCHA

For all the other times you make a mistake, you can rely on White Mountain IT Services. We help New Hampshire businesses manage their mission-critical technology so they can accomplish more, more securely. Call us at (603) 889-0800 to learn more about what we do!

Related Posts

Stop Buying, Start Training: Maximizing the ROI of Your Technology

Throwing AI and automation at a business will not automatically increase profit margins. Many business owners look at the current software landscape and treat new tools as a shortcut to bypass foundational strategy. Technology can amplify efficiency, but it cannot manufacture value out of thin air. When an internal process is broken, automating it simply causes that broken process to run faster. ...

The Smoke, Mirrors, and Mind Games Behind Cyberscams

Cyberscams can be incredibly well-crafted and dangerous, and a significant portion of this danger stems from the scammer's ability to effectively utilize the psychological triggers that we all possess to some degree. Modern security training tends to focus on what signs we all need to keep an eye out for—and for good reason—but it does little to explore why modern scams are as effective as they ar...

How to Keep the Bad Guys From Winning

There’s a reason why we tend to focus on security, and that’s because it’s not a matter of if you experience a cyberattack, but when. It’s your responsibility to make sure that you’re ready to act in the right way when faced with these attacks. One of the best ways you can be prepared is by working with a managed service provider like us. Today, we have three ways we, as a managed service provider...

Your First Line of Defense Against Data Leaks and Compliance Fines

The AI Revolution is no longer a futuristic headline, it’s quickly becoming the operating system of the modern economy. As a business owner, you’ve likely already identified the AI tools you want to implement to stay ahead. The hard truth is that the best AI strategy in the world will fail if your team doesn't know how to use it safely and effectively. Many leaders view AI training as a nice-to...