Why Are CAPTCHAs Getting Harder To Crack?

If you’ve spent enough time on the internet, chances are you’ve encountered an ‘are-you-a-human’ checkpoint. These checkpoints, aka CAPTCHAs (Completely Automated Public Turing test), help tell computers from humans. From a small box asking whether you’re human to identifying picture squares with traffic lights, CAPTCHAs have become testy over the years. Multiple failed CAPTCHA attempts can really set your teeth on edge.

CAPTCHAs were first developed by a team of researchers at Carnegie Mellon University for Yahoo in 2000 to curb automated programmes from rapidly generating free email accounts. Technology is all the more significant in today’s digital world. In 2019, cybersecurity firm HUMAN (formerly White Ops) found that over a 90-day period, several prominent organizations lost more than $30 million combined to marketing fraud.

CAPTCHAs set up barriers only humans should get past and are commonly used on most online platforms.

Subscribe to our Newsletter

Join our editors every weekday evening as they steer you through the most significant news of the day, introduce you to fresh perspectives, and provide unexpected moments of joy
Your newsletter subscriptions are subject to AIM Privacy Policy and Terms and Conditions.

What’s the catch

So, why would these tests become harder? In a fun twist, a CAPTCHA is an elegant tool to train AI. In 2014 Google tested CAPTCHA solving ability in its machine learning algorithm against humans. The test used hard-to-decipher distorted texts, and the computer got the test right 99.8 percent of the time while the humans called it right 33 percent of the time. From here, Google introduced the ‘No CAPTCHA reCAPTCHA’. This involves the click of the ‘I’m not a robot’ button for some and image identification for others, based on observations of user data and behaviour. However, with machines catching up again, designing CAPTCHA has become a whack-a-mole game.

Additionally, a puzzle that is too difficult for bots might end up being hard for humans to solve as well. In fact, many people find CAPTCHAS irritating because they have become more challenging for humans than machines. This does not make AI more intelligent than us—it simply makes us, well, human. Human beings are not machines. They are diverse in terms of education, language, skills, etc., and the point of a universal CAPTCHA is to have a test every human can pass.


Unfortunately, we still need some form of CAPTCHA (hopefully, a better type of it in the near future) to keep the bots and malware at bay. Imagine going to a website for a limited offer or a giveaway for a product you have been waiting months for only to find it sold out and then finding out that half those clicks were made by artificial intelligence (who will now be receiving these free goods). 

Hence, we need a system to keep the intrusive machines out. There have been some attempts at that, including game CAPTCHAs, which require users to rotate objects or move puzzle pieces. The trick is that the game will not specify instructions, thus stumping AI, but humans will intuitively know what to do from the context (e.g. they’ll recognise the game board). For now, this sounds quite annoying—and imagine having to play a puzzle you don’t recognise or know how to play? 

Other proposals to replace CAPTCHA include trivia CAPTCHAs or those based on nursery rhymes native to the region the user grew up. Some attempts were made at identifying people based on ethnicity, gender and facial expression. In 2010, a study designed CAPTCHAs prompting users to segment and index rock art, i.e. human markings on stone. In another interesting case, Amazon received a patent in 2017 for a scheme where the only way through is by getting the wrong answer.  

Researchers are also looking at doing away with CAPTCHAs altogether. Shuman Ghosemajumder, chief technology officer of the bot-detection company Shape Security, said he preferred detecting human behaviour in users instead. For instance, monitoring someone’s interactions with their mouse (a bot would either not use one or be very precise in it) would allow us to decipher who is human. This sounds a little dicey from a surveillance standpoint and, given that bots have now learned to mimic typos and the conversational skills of someone who does not speak English very well, it may ultimately not be too useful. 

As of now, CAPTCHAs remain integral to our use of the internet. We might need to find a better alternative quickly, but given the many factors behind choosing a suitable CAPTCHA, it might be a while before we see something foolproof. 

Mita Chaturvedi
I am an economics undergrad who loves drinking coffee and writing about technology and finance. I like to play the ukulele and watch old movies when I'm free.

Download our Mobile App

MachineHack | AI Hackathons, Coding & Learning

Host Hackathons & Recruit Great Data Talent!

AIMResearch Pioneering advanced AI market research

With a decade of experience under our belt, we are transforming how businesses use AI & data-driven insights to succeed.

The Gold Standard for Recognizing Excellence in Data Science and Tech Workplaces

With Best Firm Certification, you can effortlessly delve into the minds of your employees, unveil invaluable perspectives, and gain distinguished acclaim for fostering an exceptional company culture.

AIM Leaders Council

World’s Biggest Community Exclusively For Senior Executives In Data Science And Analytics.

3 Ways to Join our Community

Telegram group

Discover special offers, top stories, upcoming events, and more.

Discord Server

Stay Connected with a larger ecosystem of data science and ML Professionals

Subscribe to our Daily newsletter

Get our daily awesome stories & videos in your inbox