• Articles
  • Tutorials
  • Interview Questions

CAPTCHA - What Is, Codes, Types, & Examples

CAPTCHA - What Is, Codes, Types, & Examples

Table of content

Show More

Check out our Cybersecurity Training for Beginners:

Video Thumbnail

CAPTCHA: A Brief Understanding

What is the history of CAPTCHA, and why does it exist? The history of CAPTCHA is quite interesting. Back in the year 2000, the access to websites by bots increased in number, and to tackle this issue, Carnegie Mellon University initiated and succeeded in creating an automated system where based on the type of questions and the end user’s response or action(s) for the same, access was allowed or denied. The idea of CAPTCHA was widely accepted by several website owners or hosts to guard websites against spam visitors and other activities of such nature.

The CAPTCHA test gets its name from Alan Turing, the developer of the CAPTCHA test. Over the years, the CAPTCHA test has become the norm among website visitors and website hosts. However, the CAPTCHA test is added under the category of necessary evil by several internet users. But, why?

Just like evolution happens to conform to adversity, internet spammers have been finding ways to tackle the CAPTCHA option.

It is right to say that website hosts have an active role in finding ways to tackle the CAPTCHA option. Usually, website hosts earn revenue by converting visitor count to monetary value. To increase the visitor count, websites, usually, generate bot or spam visitors. Bot visitors easily break the CAPTCHA to enter websites to increase their ranking. Various organizations have generated mechanisms to counter the system where bots enter the websites via malicious activities.

However, in general, the opinions among internet users have spread across ranging from ‘why should we prove we are humans to access websites’ to ‘it is inhumane to question someone whether they are human or not’ and much more of such nature. This is because it takes a considerable amount of time for many users to crack the CAPTCHA code or image due to several factors such as age or disability. When access is denied to users because of a failed CAPTCHA test, it results in discomfort and disruption.

Furthermore, since bot visitors have found ways to tackle audio-based CAPTCHA, human users find the CAPTCHA tests unacceptable. This is because by validating the bots CAPTCHA cracking time, the requirements of human users, with several human-based factors, are unheard of by the CAPTCHA creators of the current time.

With the presence of fewer laws regarding CAPTCHA in various jurisdictions, the regulations regarding CAPTCHA still have a long way to go.

Following is another type of CAPTCHA that has gained relevance and popularity in recent years.

How does Captcha work

To precisely state the functioning method, CAPTCHA usually works by asking you identify a set of letters/ number/ the combination of both. The letters/ numbers are placed in such a way that the bots cannot comprehend/ decipher like the human brain. It is proven in several instances that only humans can decipher the CAPTCHA test texts.

Upon the verification of deciphered text, the site/ app will permit your access request.

Currently, it is verified that bots have been evolving to decipher the CAPTCHA codes. Thus, several new methodologies are being looked into to maintain the wellness of the app/ site.

EPGC in Cyber Security and Ethical Hacking

reCAPTCHA: A Brief Understanding

On understanding CAPTCHA, you might wonder how reCAPTCHA works or what reCAPTCHA is? In general reCAPTCHA is the advanced version of the CAPTCHA system. The original CAPTCHA system allows access to websites based on your response to the hard-to-read text and the audio-based CAPTCHA. The reCAPTCHA system is a CAPTCHA system that allows access to websites based on your activity. Since the system does not take any of your time to question your identity, it was widely accepted among website users for the same reason.

The reCAPTCHA system was developed as a collaborative effort at Carnegie Mellon University by Luis von Ahn, David Abraham, Manuel Blum, Michael Crawford, Ben Maurer, Colin McMillen, and Edison Tan. The advanced CAPTCHA system was acquired in the year 2009 by Google.

However, due to several reasons of functionality, the advanced CAPTCHA system, reCAPTCHA, was stopped in the year 2018.

Following are a few of the popular types of CAPTCHA in use.

Types of CAPTCHA

Math problems CAPTCHA

Math problems CAPTCHA have elementary-level mathematical problem questions such as solve 1+3 or solve 1+9. Based on the accuracy of the user’s response, access will be allowed or denied. This is one of the most popular CAPTCHA mechanisms because robots, popularly known as bots, cannot solve questions involving human logic. This is usually implemented in WordPress or HTML sites.

Word problems CAPTCHA

Word problems CAPTCHA is one of the most common types of CAPTCHA; you might see it at least once a day on various sites. This type of CAPTCHA asks you to type the letters displayed on the screen; this may sometimes contain a combination of letters and numerals. Word problems CAPTCHA code often is accompanied with audio-based CAPTCHA as it is more user-friendly for visually challenged users. Since word problems CAPTCHA requires logical understanding to comprehend the code, this CAPTCHA code is often deemed to be secure by website hosts.

Honeypot CAPTCHA

Honeypot CAPTCHA is like treasure-hunt CAPTCHA; it is one of the difficult CAPTCHA types to exist currently. In Honeypot CAPTCHA asks users to find the hidden items on the screen. Usually, bots crack the CAPTCHA easily, but with advanced technologies, this is being tackled by experts as well.

Confident CAPTCHA

This is another one of the most common CAPTCHA types. It asks to find matching items based on the question. For instance, if CAPTCHA asks to find traffic lights, you will have to find the same on the screen. The pictures might be available in static or dynamic form in the form of a grid.

This CAPTCHA is used as part of digital marketing advertisement strategies as well.

Text Based CAPTCHA

TEXT-BASED CAPTCHA

Text-based CAPTCHAs are one of the most common types of CAPTCHAs. They usually require translation as they usually are displayed in an odd style. The CAPTCHAs will usually be covered with lines or anything of similar nature. It is based on the understanding that bots cannot decipher the code through the distorted environment around the text.

Image Based CAPTCHA

Image Based Captcha

This CAPTCHA method displays several pictures and asks you to choose a particular type of image. For example, CAPTCHA might ask you to find traffic lights among other images. The images might sometimes be related, and sometimes it would not be related. In circumstances where there may not be similar types of images, the ‘skip’ option will be present.

The ‘skip’ option might sometimes be present to trick you as well when there are similar images. This is based on the understanding that bots lack logical thinking.

Following is how CAPTCHA is used in general. This will help you in understanding why CAPTCHA is used.

Get 100% Hike!

Master Most in Demand Skills Now!

Uses of CAPTCHA

  • Prevention of comments from malicious spambots: This will increase genuine comments from genuine users and allow your page to grow organically.
  • Prevention of fake form clicks: This is relevant and useful in cases where a few bots hijack online forms and provide fake or spam details. This problem can be handled through CAPTCHA .
  • The functioning of CAPTCHA is based on the Turing test. This test differentiates between bots and humans based on logical understanding and answering capability. Usually, humans have a higher pass percentile in CAPTCHA tests but with the growth of bots resistance strategies, sometimes CAPTCHA tests are being passed by bots as well. However, the software industry is working toward fixing the same. By properly regulating CAPTCHA, you can gain organic development on your page, especially if you have a business page.

DRAWBACKS OF USING CAPTCHA

  • Imagine this situation. You are knocking on a door. They ask you to prove you are human. They clear as day and see you are a human. Also, you wonder, ‘why would bots come to your house now?!’ This is exactly how people think seeing a CAPTCHA. Statistically, people get annoyed and tend to quit the site too. This would affect your viewership. People oftentimes point that the question, ‘are you a human’, or anything of such similar sort brushes their ego on the wrong side.
  • CAPTCHA is one way to prevent breach. It is proven that CAPTCHA tests are successful in preventing breach only to a certain extent. Thus, it is right to state that it would only be partially beneficial when implemented on your site/ app.
  • A part of the society finds the CAPTCHA test discriminatory. Statistically, people with poor eyesight or with both ears and sight impairment, find it extremely difficult to access important sites whenever required due to the presence of CAPTCHA.

Conclusion

To conclude, the concept of CAPTCHA is ever growing and it is going to take a reasonable amount of time to be completely functional and secure. You can expect CAPTCHA growth in the days to come!

Furthermore, by understanding why CAPTCHA is used and if proper implementation of the same is done by you, you can avoid spam bots on your sites!

Course Schedule

Name Date Details
Cyber Security Course 14 Dec 2024(Sat-Sun) Weekend Batch View Details
21 Dec 2024(Sat-Sun) Weekend Batch
28 Dec 2024(Sat-Sun) Weekend Batch

About the Author

Lead Penetration Tester

Shivanshu is a distinguished cybersecurity expert and Penetration tester. He specialises in identifying vulnerabilities and securing critical systems against cyber threats. Shivanshu has a deep knowledge of tools like Metasploit, Burp Suite, and Wireshark.