You've surely come across a CAPTCHA code countless times before, most likely even without knowing its name.
In this article, Captcha: what it is and why it is used, we will trace the history of CAPTCHAs from their very first appearance to their widespread popularity. We'll take a look at the usefulness of these tests and what their operation is based on. Then, we'll delve into the different types of CAPTCHAs used until recently and examine what new methods are currently being used to keep bots away.
Table of Contents
When were CAPTCHAs created?
It's not clear who it was that first introduced CAPTCHA codes. On one hand, we have the AltaVista team which developed them in 1997 to introduce them in its search engine in order to prevent it from being used by bots. The method used by this research group came to fruition with the publication of a patent in 1998.
Years later, in 2003, a research group from Carnegie Mellon University (Pittsburgh) introduced a similar method that they identified with the acronym of CAPTCHA. But what is Captcha?
What is CAPTCHA code?
The term CAPTCHA stands for Completely Automated Public Turing-test-to-tell Computers and Humans Apart which translates to Public and Fully Automated Turing Test to distinguish humans and computers.
The acronym was introduced in the University of Pittsburgh researchers' publication in 2003 and is still the term that is used to refer to this type of test.
The CAPTCHA code was created, therefore, as a test, generated by a program, that tests humans and machines (computers or bots). The purpose of the test is to determine the identity of those who perform it and is based on the assumption that only a human can complete it.
The first CAPTCHAs involved solving a simple test: observe a short sequence of characters (numbers and letters) and rewrite it. To make sure that the test could be completed by a human and not a machine, the characters were presented in a distorted way.
It is precisely the distortion of the image, in fact, that prevented computers from identifying the characters, making them, in fact, illegible.
This system was the basis of every CAPTCHA code for years until it proved to be vulnerable and was, therefore, updated with more secure methods.
Between 2013 and 2014, Google and other companies analyzed the effectiveness of CAPTCHAs, noting that artificial intelligence was capable of recognizing and solving alphanumeric codes. This initiated the search for new and more secure methods, but before we see what they are let's understand under what circumstances it is useful to use CAPTCHAs.
CAPTCHA code: what is it for
The function of the CAPTCHA code is to protect you from spam, but how does it work? In most sites, there are sections that allow you to register, fill out a contact form or enter comments or reviews. Each of these pages allows users to interact with the site, but there is no guarantee that a bot won't do it. The most common case where it comes in handy to have a CAPTCHA code is, therefore, just when you want to prevent bots from sending spam comments. But that's not the only case.
CAPTCHAs help to increase the security of a site in other ways too. For example, by protecting accesses: for this reason, it is often requested to insert them also in the access pages of the sites. After entering the access data, CAPTCHA allows validating identity.
In this way, if a bot tries to access it, even if it has an email and password, it will not be able to validate the CAPTCHA. The same applies when you register or try to change a password by changing it with a new one.
In all these circumstances, the presence of the CAPTCHA code blocks unwanted access, ensuring that it is a real person who performs these operations.
The use of CAPTCHA is therefore important within a broader strategy to keep your site safe. If you want to delve deeper into the topic of security, you can read our article on how to secure WordPress.
As artificial intelligence has evolved, it has become increasingly difficult to keep bots away. That's why over the years more and more effective methods have been developed that can't be easily bypassed by machines. Let's take a look at these different types of CAPTCHAs one by one.
Types of CAPTCHA
The first example of CAPTCHA code consisted of rewriting short sequences of letters and numbers. Besides being mixed and matched, the symbols were distorted, skewed, or were different in size.
Often every letter (or number) differs also from the other in color. Some devices were adopted also in the background in order to disturb the readability as you can see in the example here above.
These tricks were used to reduce the possibility that a bot could decipher the content of the image by transforming it into text.
The first version of reCAPTCHA created by an independent company, acquired by Google in 2009, was also based on this textual method.
reCAPTCHA version 1
The first CAPTCHAs used by Google consisted of a box with one or two words, readable but distorted, and an empty field in which to insert them.
To allow users with visual impairments to complete the test, buttons were also introduced that allow the user to listen to a recorded audio that "reads" the sequence for them. The audio version of the codes CAPTCHA has been then maintained also in the following versions of the reCAPTCHA in order to guarantee accessibility.
If there was any difficulty in solving the test, there was also the possibility to repeat the test using a new CAPTCHA code. This first version of the reCAPTCHA was maintained until March 2018, in the meantime, however, a new version had already been developed.
reCAPTCHA version 2
The vulnerability of text-based CAPTCHAs had already been highlighted in 2014. That very year, Google demonstrated how artificial intelligence was able to decipher altered texts with an accuracy of 99.8%.
So how can we protect ourselves from spam?
That's how the new reCAPTCHA, also known as No CAPTCHA reCAPTCHA, was developed.
The classic CAPTCHA code has been replaced with a verification box next to "I'm not a robot". In some cases, after checking the box with a click, the test is validated directly, while in others it is necessary to complete a second step.
Textual CAPTCHAs have not, therefore, disappeared entirely, but have been integrated into a new method. After confirming that you are not a robot, you are asked to type a CAPTCHA code.
In this case, however, the test no longer shows an image with distorted text, as was the case in the first version, but a Google Street View photo containing numbers or text. In other cases, parts of text taken from Google Books are also used.
With this new version of reCAPTCHA Google also introduces a new type of test - CAPTCHAs with images. In this case, the test consists in finding the images that represent a certain element among those suggested.
In the example you see below, you are asked to identify all the photos in which there is a fire hydrant.
It goes without saying that this type of CAPTCHA is more effective than the textual ones because a bot has more difficulty in identifying the contents of the images.
reCAPTCHA version 3
In October 2018, Google introduced a new version of reCAPTCHA that allows you to identify a user and distinguish him from a bot simply by examining his behavior on the web page.
In this case, the validation does not involve solving a real test, but a verification process is performed in the background. By doing so, the CAPTCHA acts without interrupting the user's activities on the site.
This new version of the CAPTCHA analyzes the actions of the users assigning a score to each of them. By analyzing the results it is, therefore, able to ascertain if it is a human being who performs the action or not.
With this new version, the site administrator can keep an eye on what is happening on his site. From the Google Developer Console, in the reCAPTCHA section it is possible to check the results of these tests and set up additional checks if actions are identified as spam attempts.
In this way, for example, comments or reviews that have been identified as possible spam can be passed for moderation.
For effective protection from spammers, Google recommends that the reCAPTCHA be placed not only on pages that include contact forms but on multiple pages of the site.
Other types of CAPTCHAs
Google's reCAPTCHA system is the most widely used, but it is not the only type of test out there. In addition to the most common text and image CAPTCHAs, there are also other methods to verify the identity of the user and protect the site from spam or unwanted access.
CAPTCHAs that exploit logic
Another way to create a test that can only be passed by a human being is to use small quizzes. Such a CAPTCHA code may require you to complete a simple mathematical operation.
Taking into account that even a bot can easily perform this kind of calculation, it is often required to write the result in the form of a word or number. Adopting this type of measure makes "life difficult" for the bot.
CAPTCHA code in the form of a puzzle
Another type of CAPTCHA code consists in solving simple puzzles, based on the assumption that only a human is able to carry out this kind of action.
It may happen that you have to choose among different images that are in a straight position, or that you have to rotate an image to get the correct position.
In this article, Captcha: what it is and why it is used, we have discovered the use of the CAPTCHA code within websites. We looked at different types of CAPTCHAs and saw how new methods have been developed over the years to improve the effectiveness of these tests.
Now you know that these tests have an important function, although that certainly doesn't make them any less annoying while browsing. How about you? Did you already know about their function? Have you ever used them on your site? Let me know in the comments below.