Although it may have been a while since you last had to fill out a captcha request to prove you weren’t a robot, they’re still here, hiding in plain sight.
You remember what captcha is, right? The jumbled, difficult to read strings of letters and numbers you would have to type to “prove you aren’t a robot.”
While many authorizing bodies moved away from that type of captcha, many still used the quadrant based type of captcha. These often feature parameters such as “click every square with a car in it” or something like that.
With so many articles from last year claiming its death, why is captcha still a thing?
Captcha is Dead; Long Live Captcha
Even back in 2017, everyone referred to this jumbled technology as a “necessary evil.” Of course, that didn’t stop everyone from “celebrating” its supposed death.
In reality, Google enabled a feature for websites that allowed to use invisible reCAPTCHA.
If Captcha is a “reverse Turing test”, then reCAPTCHA is the super stealth mode version of that. You can read all about it here on Google’s very own page about it.
The idea behind invisible reCAPTCHA was to reduce friction for internet users. Making their experience more seamless could only improve overall internet enjoyment, right?
I don’t disagree, but that adjustment does not mean that Captcha is dead y’all.
A Fresh Innovation Emerges Using Biometric Authentication
Everyone knows how hot-to-trot the tech world is on biometrics right now.
If you need a refresher, biometrics relates to ways you can unlock devices or prove your identity with parts of your body such as fingerprints, face scans, and retinal scans.
Just think of how you unlock your iOS or Android device — probably with fingerprints.
Though Samsung wants to incorporate face-detection like Apple, initial results don’t inspire much confidence. And if mediocre police face-recognition numbers are any indication, biometrics aren’t the best way to create predictive systems.
But merging real-time captcha with biometric authentication might just work.
The Georgia Institute of Technology published their findings in February 2018. The paper contended that a “new login approach” would improve biometric security techniques. By incorporating captcha techniques, humans would more easily pass the test.
However, would-be attackers would struggle with the test despite any spoofing tech, image generation technology, or botnets they might be leveraging.
Erkam Uzun, one of the graduate research assistants on the project, described how the approach seeks to prevent attackers simulating blinking or smiling to fool biometric authentication techniques.
“We are making the challenge harder by sending users unpredictable requests and limiting the response time to rule out machine interaction.”
Wenke Lee, a professor at the university and co-director of the Georgia Tech Institute for Information Security and Privacy, further elaborated on the approach.
“But by presenting a randomly-selected challenge embedded in a Captcha image, we can prevent the attacker from knowing what to expect. The security of our system comes from a challenge that is easy for a human, but difficult for a machine.”
Password Alternatives are the new Black
Real-time captcha technology making its way into biometrics shouldn’t surprise you. After all, many companies want to altogether eliminate the huge security risk that is passwords.
Firefox incorporated Web Authn to improve data security this year. LISNR leverages the power of sound waves to alleviate the vulnerability of QR codes for various tasks such as ticket purchasing and distribution.
But the approach outlined by the Georgia Tech team has to worry about noise, camera security, and server security, too. Only time will tell if this technology will ever really die or just keep evolving, subsisting off the sustenance of other technologies all the while.