The Evolution of CAPTCHAs for Online Security

May 26, 2021

The Evolution of CAPTCHAs for Online Security


If you have spent any amount of time on the internet, it is likely that you have encountered a CAPTCHA. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart, which is exactly what it does. Nowadays CAPTCHAs can be found anywhere from account creation to making a reservation. They were designed during the rise of spam bots to help differentiate between real versus automated users. CAPTCHAs must strike a unique balance between being difficult enough that computers should not be able to pass, yet an automated system has to be able to grade them. If you have become frustrated with how complex CAPTCHAs have become then you are not alone, but as you will discover in this post, there is a reason why they have developed to become so complex. 


History of CAPTCHAs


1997 - the first CAPTCHAs


The first CAPTCHAs used text that was warped or changed in some way that made it difficult for computers to read, but easy for humans to make out. Users had to simply type in the text that they saw to verify that they were not a bot. 


Photo credit: Cloudflare


However, once computers became more and more accustomed to the previous CAPTCHA, there was a need to create a new test to help distinguish between humans and bots.


2005 - reCAPTCHA


In 2005, reCAPTCHA debuted as a new version of the test. This test featured two words: one word was generated so that the computer knew the answer, the second one was pulled from a random article or book that was unknown to the computer. 


Source: http://irevolution.net/2013/06/17/recaptcha-for-disaster-response/


However, once the computer programs received enough input from users, they were actually able to “read” and distinguish the visually manipulated text. In fact, a 2014 Google machine learning study found that humans could solve CAPTCHAs with 33% accuracy and AI’s could solve it with a 99.8% accuracy. Once the computers surpassed human ability, there was again another need for a new test. 


2014 - RECAPTCHA v2


A new test was introduced, RECAPTCHA v2 featured images rather than texts, asking users to identify which images contained certain features. This also served to help differentiate between humans and bots by asking them to identify a visual stimuli. 

Source: https://i2.wp.com/securityaffairs.co/wordpress/wp-content/uploads/2017/03/imagechallenge1.png?resize=579%2C735


Eventually, AIs were able to surpass human ability in identifying and completing these CAPTCHA tests. Thus, the tests had to once again change. 


NOCAPTCHA and RECAPTCHA v3


The newest version of CAPTCHA was introduced as a solution to these problems. NOCAPTCHA and RECAPTCHA v3 verify that you are a human based solely on your behaviour. This version runs invisibly in the background that monitors for “bot-like” activity (i.e. clicking around too much, extremely fast typing). If this program does detect bot like activity it will ask the user to complete either the standard picture CAPTCHA test or verify with two factor authentication. 


Unlike previous iterations of the CAPTCHA test, the newest version does not have a standard for what qualifies as “bot-like” behaviour. Furthermore, it seems as though it will not be long before computers will once again surpass human ability and create a need for a new CAPTCHA test. Experts believe that at some point there may be no way to distinguish between humans and computers - eventually they may be able to do everything we are able to. 


Why Are CAPTCHAs Important for Security?


CAPTCHAs help to deter spammers and hackers from using forms on web pages to insert frivolous or malicious code. CAPTCHAs have been found to help reduce spam by 88%. This response system is the first line of defense by helping to filter out bot activity from your webpages.


Interested in further improving the safety of your company?


For added layers of security, get in touch with us and we can set you up with a security plan tailored specifically for you or your business. Click HERE to see what we provide.


Prevent and protect. Try it for 1-month.