Why Are CAPTCHAs Getting Harder To Crack?

If you’ve spent enough time on the internet, chances are you’ve encountered an ‘are-you-a-human’ checkpoint. These checkpoints, aka CAPTCHAs (Completely Automated Public Turing test), help tell computers from humans. From a small box asking whether you’re human to identifying picture squares with traffic lights, CAPTCHAs have become testy over the years. Multiple failed CAPTCHA attempts can really set your teeth on edge.

CAPTCHAs were first developed by a team of researchers at Carnegie Mellon University for Yahoo in 2000 to curb automated programmes from rapidly generating free email accounts. Technology is all the more significant in today’s digital world. In 2019, cybersecurity firm HUMAN (formerly White Ops) found that over a 90-day period, several prominent organizations lost more than $30 million combined to marketing fraud.

CAPTCHAs set up barriers only humans should get past and are commonly used on most online platforms.

THE BELAMY

Sign up for your weekly dose of what's up in emerging technology.

What’s the catch

So, why would these tests become harder? In a fun twist, a CAPTCHA is an elegant tool to train AI. In 2014 Google tested CAPTCHA solving ability in its machine learning algorithm against humans. The test used hard-to-decipher distorted texts, and the computer got the test right 99.8 percent of the time while the humans called it right 33 percent of the time. From here, Google introduced the ‘No CAPTCHA reCAPTCHA’. This involves the click of the ‘I’m not a robot’ button for some and image identification for others, based on observations of user data and behaviour. However, with machines catching up again, designing CAPTCHA has become a whack-a-mole game.

Additionally, a puzzle that is too difficult for bots might end up being hard for humans to solve as well. In fact, many people find CAPTCHAS irritating because they have become more challenging for humans than machines. This does not make AI more intelligent than us—it simply makes us, well, human. Human beings are not machines. They are diverse in terms of education, language, skills, etc., and the point of a universal CAPTCHA is to have a test every human can pass.

Workarounds

Unfortunately, we still need some form of CAPTCHA (hopefully, a better type of it in the near future) to keep the bots and malware at bay. Imagine going to a website for a limited offer or a giveaway for a product you have been waiting months for only to find it sold out and then finding out that half those clicks were made by artificial intelligence (who will now be receiving these free goods). 

Hence, we need a system to keep the intrusive machines out. There have been some attempts at that, including game CAPTCHAs, which require users to rotate objects or move puzzle pieces. The trick is that the game will not specify instructions, thus stumping AI, but humans will intuitively know what to do from the context (e.g. they’ll recognise the game board). For now, this sounds quite annoying—and imagine having to play a puzzle you don’t recognise or know how to play? 

Other proposals to replace CAPTCHA include trivia CAPTCHAs or those based on nursery rhymes native to the region the user grew up. Some attempts were made at identifying people based on ethnicity, gender and facial expression. In 2010, a study designed CAPTCHAs prompting users to segment and index rock art, i.e. human markings on stone. In another interesting case, Amazon received a patent in 2017 for a scheme where the only way through is by getting the wrong answer.  

Researchers are also looking at doing away with CAPTCHAs altogether. Shuman Ghosemajumder, chief technology officer of the bot-detection company Shape Security, said he preferred detecting human behaviour in users instead. For instance, monitoring someone’s interactions with their mouse (a bot would either not use one or be very precise in it) would allow us to decipher who is human. This sounds a little dicey from a surveillance standpoint and, given that bots have now learned to mimic typos and the conversational skills of someone who does not speak English very well, it may ultimately not be too useful. 

As of now, CAPTCHAs remain integral to our use of the internet. We might need to find a better alternative quickly, but given the many factors behind choosing a suitable CAPTCHA, it might be a while before we see something foolproof. 

More Great AIM Stories

Mita Chaturvedi
I am an economics undergrad who loves drinking coffee and writing about technology and finance. I like to play the ukulele and watch old movies when I'm free.

Our Upcoming Events

Conference, in-person (Bangalore)
Machine Learning Developers Summit (MLDS) 2023
19-20th Jan, 2023

Conference, in-person (Bangalore)
Rising 2023 | Women in Tech Conference
16-17th Mar, 2023

Conference, in-person (Bangalore)
Data Engineering Summit (DES) 2023
27-28th Apr, 2023

Conference, in-person (Bangalore)
MachineCon 2023
23rd Jun, 2023

Conference, in-person (Bangalore)
Cypher 2023
20-22nd Sep, 2023

3 Ways to Join our Community

Whatsapp group

Discover special offers, top stories, upcoming events, and more.

Discord Server

Stay Connected with a larger ecosystem of data science and ML Professionals

Subscribe to our newsletter

Get the latest updates from AIM