CAPTCHA is the short form of the Completely Automated Public Turing test to tell Computers and Humans Apart . The log form explains the CAPTCHA very well. CAPTCHA is simply used on web sites, web applications or internet-connected mobile applications to detect and apart humans from the bots, computers or spammy humans.
Why Use CAPTCHA?
Internet is a very complex and low regulated environment where adults, children, bots, computers, the hacker simply all of them share the same environment with easy access. A resource or service which is shared on the internet can be used everyone who has access. But controlling the behavior of the users on the internet is not easy because they can be bad to consume or hack all the resources or services in an automated way by using botnets or a script.
Here comes the TURING Test. Alan Turing is the father of modern computing where he proposed a test to decide if the answers to the asked question are provided by a human or computer. This test is called as Turing Test.
Turing tests can be used in or to prevent resource and service protection against a bot or automated scripts by eliminating non-human parts. The CAPTCHA is a problem or mechanism which can detect the remote side as human or not.
History Of CAPTCHA
First CAPTCHA is invented in 1997 by two groups working in parallel and versioned as CAPTCHA 1.0 . This CAPTCHA was manual where the user should solve the given mathematical problem and provide the correct answer to prove he or she is a human.
How CAPTCHA Works?
CAPTCHA may work in different ways according to its type. But in general, the following steps are taken.
- User lands to the applications or web site he wants to use.
- Before starting to use the applications or web site the CAPTCHA mechanism starts.
- If the CAPTCHA is action-based, a minimal part of the application or web site page is used for the CAPTCHA to ask something from the user. This can be solving a math problem, selecting pictures, solving a little puzzle, etc.
- The asked thing can change according to the Type of the CAPTCHA which will be explained below.
- The user should provide the asked thing in a human way
- The provided answer will be evaluated or checked against and the CAPTCHA will decide if the user is a hıman or not.
Types Of CAPTCHA
During the history of the CAPTCHA, a lot of different types are created. There are two reasons to create a lot of different types of CAPTCHA. First is making the user experience better without annoying him with a faster and better CAPTCHA mechanism. The second reason is the Attackers generally hack some type of CAPTCHAs a bot or scripts can pass these easily.
Word CAPTCHA is one of the most popular captcha types where some word is shown to the user and wanted from him typing this word into the given textbox. In the first years, the words were printed normally which can be solved by OCR technology but recently these words are distorted to make them hard to read. In some cases, even a human can not read these images. For disabled peoples, this type of captcha provides audio to listen and type but this is generally not good as expected.
Picture Identification Captcha is another popular type of captcha where a group of pictures are provided to the user and requested to select the images which contain some type or group of objects like an animal, traffic lights, stores, etc. Generally, 9 images are provided and clicking on them is used to select. In some implementations, the correct answer image is refreshed with a new image up to the captcha system that decides you are a human.
Checkbox or reCaptcha or Click Captcha is a type of captcha where the user will just click a checkbox. This may seem very simple to pass but in the background, a script will run which is integrated with the browser like Chrome and check the user identity. Google uses this type of captcha with some extra behavioral analysis. This captcha is best for the user experience.
Math Problem Solving Captcha is an old type of captcha where some mathematical problem is provided to the user. The provided mathematical problem is generally summed operating with simple parameters and easy to solve for most of the people. In the first years of this captcha, the parameters and operation were provided as text but bots and scripts can capture these and solve the problem easily and pass the captcha. Recently the mathematical problem is provided as pictures where the picture is distorted like a word captcha.
3D Captcha is similar to the word captcha where is provides some text but as a 3D form. Also, multiple text and shapes can be joined together in order to prevent OCR. This type of captcha also called Super Captcha because it is very hard to solve.
Ad-Injected Captcha is similar to the word captcha was some type of ad is displayed as captcha and the user wanted to put the text of the ad as an answer. Even this type of captcha is less effective the ad income and improving brand recognition makes it attractive for the application and web site owners.
Slider or Action Captcha is based on the user actions where generally a slider is provided to the user and wanted from the user that sliding it to the specified direction and level.
Puzzle or Drag and Drop Captcha is similar to the slider captcha were some objects are provided to drag and drop into the specified are. This type of captcha is similar to the puzzle solutions to put parts into the right location.
Game or Tic Tac Toe Captcha is a captcha version where some simple games should be played and a win is required. Generally simple games like Tic Tac Toe is provide as captcha. Solving this type of captcha requires more time than other types of captchas and should be used for only required situations and cases.
Advantages Of CAPTCHA
CAPTCHA is used mainly for security but provides a lot of advantages to the web applications and site owners.
- Prevent bot and scripts to use the web site.
- Prevent unwanted registration and form submission.
- Protect against humans for multiple or recurring actions
Disadvantages of CAPTCHA
There are also some disadvantages of using captcha. So using captcha for a given situation should be precisely decided.
- Bad user experience because of wrong captcha type selection.
- Increasing the load of the web application for extra captcha work.
- Preventing disable people to use web applications or web site.
- Slowness for the web site of web application usage.
- Bad user impact.
Applications and Usage Area Of CAPTCHA?
As the threads, bots, script usage is increased the captcha usage and usage areas are increased too on the internet. Here are some of them.
User Registration is one of the most used cases to prevent bot and zombie accounts. Especially internet-wide open registrations can be misused and a single human or a bot script can create a lot of user registration form. Before starting or completing the registration captcha can be used to check the remote side is a human.
Support Messages is another use case where support messages can be only sent by humans. This will prevent spam messages. Especially on the internet site of the different services and products support page can be attacked by the bots. In order to send support messages and request support, captcha can be used which will also eliminate unnecessary work for the support personnel.
Blog Comments is another popular case for captcha where spammy comments can be prevented. Blogs generally provide a comment part for the posts. Comments are helpful to get an answer to the reader’s request, questions, and comments. Scripts can spam the blog comments without a captcha or login protection. Captcha can be used without a login requirement simply check the remote part is a human.
Online Pools is another usage area of the captcha where multiple bots or scripts can be prevented for recurring voting.
User Login is security related usage where dictionary attacks can occur. In this usage, captcha can prevent dictionary attacks after given failed login attempts.
Google reCaptcha Service
Captcha can be implemented in different ways. There are two main types of captcha implementation where the web site or application owner will install the captcha infrastructure or third party services will be used as a captcha provider. Using a captcha provider is more easy, reliable, efficient than installing the captcha infrastructure.
Google reCaptcha is the most prominent captcha services which provide reliable, easy, fast to implement captcha. Currently, Google provides captcha as version 3.
