Solutions Blog

“Oh, no, not the CAPTCHA screen”

By Richard Arneson

Come on, admit it, when you’re trying to access a website and you get the I am not a robot CAPTCHA screen with the nine (9) stacked images, your heart drops a notch or twenty (20)—especially if you’re on your smart phone, each image is the size of a pencil eraser and you’ve misplaced your reading glasses. Is that a palm tree or a street light? And why did they hide it behind that stupid tree? It’s never a welcome site and Google, which offers its CAPTCHA service for free, has made proving you’re not a robot tougher. Hopefully, this news comes as relief if you’re getting stumped more frequently and are questioning your problem-solving skills.

Google, what gives? Just let me in the website

Remember the good ‘ole days when proving you weren’t a robot meant deciphering a few slightly swirled letters? But, do you also remember how the letters got more and more swirly, until determining the ones listed became a serious challenge?

The puzzle evolved because character recognition programs evolved, as well. They got better, and we’re all to blame. After years of correctly typing in letters, we helped train the recognition programs. By becoming more difficult, the puzzles became more annoying. New and different robot identification was needed, and Google found it in CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), which they bought from Carnegie Mellon in 2009.

We can thank this big brain for making CAPTCHA more difficult

In 2016, a University of Illinois computer science professor named Jason Polakis published a paper in which he detailed how, by using off-the-shelf image recognition programs, he was able to solve CAPTCHA puzzles with seventy percent (70%) accuracy. Apparently, his paper made its way to Google. Soon after the publishing of the Polakis paper, CAPTCHA images became smaller, fuzzier and obscured by shrubs. Thanks, Jason, now I can’t read last night’s box score on my favorite website. His paper inspired other researchers, who began solving the CAPTCHA audio version with Google’s own audio recognition program.  

According to Polakis, “We’re at a point where making it harder for software ends up making it too hard for many people. We need some alternative, but there’s not a concrete plan yet.”

Failed attempts to supplant CAPTCHA

A lot of brainpower has attempted to replace CATCHA, but apparently nobody as “brilliant” as Polakis has tackled the issue. One (1) attempt involved asking users to determine facial expressions, ethnicity or gender. No, that wouldn’t result controversy.

Another big brain proposed trivia based on nursery rhymes—perfect, unless you want users to resent their parents for not reading to them at bedtime. Another CAPTCHA replacement still required picture identification, but in animated form. So, when the user is asked to identify, say, a camel, it will probably be dressed in a tux and smoking a cigarette.

reCAPTCHA v3—a very judgmental next version

Google’s CAPTCHA team has been working on reCAPTCHA v3, which the company introduced in late 2018. It uses adaptive risk analysis, which essentially scores traffic based on how suspicious it seems. They first determine what “good traffic” looks like, then uses that data to help detect the bad type. A website that has deemed a user unsavory, seedy or sketchy can present them with a challenge, such as a password request or two-factor authentication. Sounds pretty standard, right? That is, unless the website determines you’re a pillar of the digital community. You’ll soon be ushered in with the red carpet treatment.

Google hasn’t made it aware what “good traffic” looks like, which makes many wonder how traffic will be judged if a VPN or any anti-tracking extensions are being used.

Contact these pro’s if you’re looking to captcha network security for your organization

To find out how to shore up your organization’s security posture, contact GDT’s tenured and talented engineers and security analysts at From their Security and Network Operations Centers, they manage, monitor and protect the networks of organizations of all sizes, including those for some of the most notable enterprises, service providers, healthcare organizations and government agencies in the world. They’d love to hear from you.

If you want more information about network security, read about it here:

If you’re storing data down under, you’re likely re-thinking that decision, says Microsoft president

What’s left when a supply-chain reliant corporation gets hacked? Paperwork

Introducing your cyber threat starting lineup

Death and Taxes—and you can add this to the mix

If you doubled down on Russia, your bet’s safe

What happens in an ATM, doesn’t always stay in an ATM

Google launches itself into cybersecurity space

Getting Stuffed at Dunkin’ Donuts?

Security Myths Debunked

State of the Union address focuses on technology–briefly

The technology arms race was just amped up

Apparently, cyber attackers also consider imitation to be the sincerest form of flattery

Last week’s DHS “alert” upgraded to “an emergency directive”

The Collection #1 data breach—sit down first; the numbers are pretty scary

Shutdown affects more than workers

DDoS Attacks will deny a Massachusetts Man Ten (10) years of Freedom

Phishing for Apples

This isn’t fake news

Don’t get blinded by binge-watching

Mo Money, Mo Technology―Taylor Swift uses facial recognition at concerts

Step aside all ye crimes—there’s a new king in town

Q & A for a Q & A website: Quora, what happened?

They were discovered on Google Play, but this is no game

And in this corner…

Elections are in, but there’s one (1) tally that remains to be counted

Hiring A Hacker Probably Shouldn’t Be Part of Your Business Plan

Gen V

Sexy, yes, but potentially dangerous

Tetration—you should know its meaning

It’s in their DNA

When SOC plays second fiddle to NOC, you could be in for an expensive tune

How to protect against Ransomware


Share on linkedin
Share on twitter
Share on reddit
Share on facebook
Share on email

Learn more about “Oh, no, not the CAPTCHA screen” by filling out the form below:

NetApp & the New Normal

Is remote work the “new normal,” and if so, how should their business plan for a more flexible and secure remote-friendly future?

Read More »

Don’t Forget Your Software on the Shelf

The unfortunate reality is that many businesses, armed with the best of intentions, spend millions on software designed to offer more efficiency, visibility, ROI, and more—only to have that software never be utilized to its full potential and gather dust on a shelf. Here’s what to know and what questions to ask yourself to avoid having your software turn into shelfware.

Read More »
WordPress Image Lightbox