CAPTCHAs: What They Are and Why They're So Hard to Enter
What Is the Meaning and Purpose of a CAPTCHA?
A CAPTCHA is a test that checks whether a human, not a computer program, is submitting an online form. It's intended to prevent bots, automatic sweepstakes entry services, hackers, and similar automatic logins from cheating the system.
What's behind the funny name? CAPTCHA is an acronym that stands for "Completely Automated Public Turing Test to tell Computers and Humans Apart." A Turing Test is a test for intelligence in a computer or a program.
CAPTCHAs have a wide range of applications. They prevent hackers from performing "brute force" attacks where they try to break into an account by guessing every possible password combination. They also prevent fraudulent sweepstakes entries and illegitimate votes in contests.
How Do CAPTCHAs Work?
The most common CAPTCHAs display a series of letters and numbers. The entrant needs to type those characters before they can submit the form.
In theory, computers can recognize text from images — but to do so reliably, they need a clean, crisp image.
To make it difficult for computers to read the characters, CAPTCHAs are often distorted or placed on a confusing background pattern. Software programs cannot easily identify the letters and numbers by their shape.
Instead of strange letters and numbers, some CAPTCHAs ask people to play a game, such as putting all of the moving images of food on a plate while ignoring images that don't show food. This is also a test that is difficult for a computer to pass.
Some CAPTCHAs offer the option to listen to the letters as they are spoken out loud, which is especially important for the visually impaired. They might also ask you to perform other actions, such as picking all of the pictures that show a house or a road sign.
Why Are CAPTCHAs So Tricky?
Although they're supposed to be easy for humans to solve, CAPTCHA codes can be confusing frustrating. However, there's a good reason why they are not easier.
Blocking cheaters and spammers is a game of cat and mouse; Cheaters are always trying to crack CAPTCHAs and companies are always trying to strengthen their security to make them harder to get around while letting legitimate entries through.
Understanding the methods that spammers use to circumvent CAPTCHA sheds light on why those CAPTCHA codes can be hard to enter. Here are some of the most common ones:
Avoiding CAPTCHA with OCR
OCR, which stands for Optical Character Recognition, is a way for computers to identify text from images. If you want to scan a document into your computer and edit it like any other electronic document, you scan the image into the computer, then use OCR software to convert the image into text.
When CAPTCHAs are clear and easy to read, cheaters can use OCR software to break the code. That's why so many CAPTCHA codes are blurry, have wavy lines behind them, turn the letters sideways, or otherwise make the text hard to read.
If you try to OCR a document, you'll notice that many words go through without problems, but anything that makes the text a little unclear, like smears or smudges on the paper, causes the OCR software to make errors and confuse the words.
If you're having trouble with a code that's hard to read, there are some tricks that help you solve CAPTCHAs more easily.
Displaying CAPTCHA Codes on Other Websites
CAPTCHAs are designed to be easy for humans to solve, but hard for computers to enter automatically. But that doesn't help if it's humans who are solving the CAPTCHAs.
Cheaters and spammers have gotten around CAPTCHAs by passing the code to another website, where people enter the code to get access to some other feature. For example, people think they're solving a puzzle or typing a code to get access to an (often pornographic) picture.
To combat this, many CAPTCHAs expire quickly. If a new CAPTCHA needs to be entered every few seconds, it reduces the odds that cheaters can trick someone into typing the response in time.
Paying People to Crack CAPTCHAs
Some companies offer programs that allow cheaters to pay a small amount of money to crack CAPTCHAs. They are similar to the trick above, but they pass the CAPTCHA codes to people working in sweatshops in third-world countries to solve. A fast-expiring CAPTCHA can also fight this kind of hack.
Exploiting Poorly-Coded CAPTCHAs
Some CAPTCHAs are not coded correctly, making it possible to guess the solution from the code or to have the same CAPTCHA accepted over and over again. Luckily, companies can avoid this problem by using free and reliable CAPTCHA programs like Google's reCAPTCHA.
It would be great if we didn't have to jump through hoops to submit entry forms, but it's less frustrating when you keep in mind that those hoops are there for our protection.
For example, Kmart had to suspend a big giveaway when hackers started winning all of their prizes. Hacking the sweepstakes was easy to do because Kmart didn't use CAPTCHAs.
Nowadays, it's rare to find a giveaway that doesn't use some kind of hack protection — either a CAPTCHA or a different verification method.
Courts have found that circumventing CAPTCHA violates the DMCA, making it illegal. Nevertheless, as long as there's profit in circumventing CAPTCHAs, criminals will look for new ways to crack them, while companies investigate new ways to boost security.