Is using CAPTCHA for website a bad idea and what are the alternatives
While using the internet we often have to fill in a CAPTCHA code. CAPTCHA means by “Completely Automated Public Turing test to tell Computers and Human Apart”. It is one of the most used steps on the internet with the aim of stopping the automated submission of registrations, content forms and some other web forms.
The use and importance of CAPTCHA system:
A question simply arise in our mind that in what is the use of and applicability of CAPTCHA and what are the situations in which adding it is necessary for a website. The system is a visual or an audio challenge to a user to prevent bots and automated scripts from accessing the services protected by.
It is highly important for:
- Web forums who want to discourage the signing up process of spambots or adbots.
- When you want to protect your downloads from automated access by bots. These bots are not the security risk, but are bandwidth drain.
- Google and the other leading websites use it for the search queries to discourage the excessive amount of queries coming from a single IP address.
One this is to be mentioned here specially that CAPTCHA doesn’t provide any kind of security. It is only the protection from unwelcoming bots and the limiting the excessive and unnecessary queries.
Since last couple of the years, a view is rising against the use of CAPTCHA, and people want to break this habit of using them on websites and also they are looking for a better alternative.
To understand the situation, we need to step back in the recent past when it was started and adapted by many websites. The theory behind developing CAPTCHA was quite simple, “something that is created by computer and can be read by humans only”. Though the readability of the CAPTCHA codes is a matter of discussion, most of the websites started to apply it as an attempt to prevent or discourage automated requests. This highly used by Google mail and Facebook.
But as the time passed on, CAPTCHA became freaking and annoying step while performing any important online procedure. It adds an un-affordable and incredible amount of friction that users sometimes find uncomfortable. This is also not in the favor of a startup.
As in interesting fact, people also use CAPTCHA in the case when a simple, non-intrusive spam-stopper would suffice. It can be understood with a simple example. Suppose, on your blog you are dealing with unlimited and unwanted spam comments and to get rid of this, you are thinking about adding CAPTCHA. Now, consider this situation with a different approach. What you are receiving is just the generic spam bots and is not under the threat of well-planned, hazardous and targeted attacks, so you don’t need a CAPTCHA.
There are many other effective methods and techniques to employ and stop the generic spam bots on your website. As an easier alternative you can add an extra field with some attractive title such as “email” to your form that is then hidden using CSS. It is not easy for humans see this field and as a result, they can never fill it. If there is any request relating to the field completes will be eliminated as span with a great ease. In the end, you achieved a smart spam-stopper technique without ruining the user experience and the process is also free from any additional friction. You can search for some other techniques like this to deal with the majority of spam bots.
But is the situation is serious and there is enough possibility that you may be a victim of a targeted attack. Or, you are someone like, Google or Facebook. Of course, something really effective and powerful is required here. If you think that CAPTCHA is going to rescue you, you are on a wrong boat. It cannot protect you any way. It is a shocking reality that most of the CAPTCHA systems are already been cracked by using OCR software. Are you still eager to compromise with it on the cost of annoying your users? To make the things even worse, the hackers who are working for the porn websites can easily enter in your system and add their adult content by using your CAPTCHA system. So trusting over this system for your safeguard is not a wise decision.
As the CAPTCHA hater’s community is rising rapidly, it is catching the attention of the technicians. Especially the web engineers are taking this CAPTCHA problem as a creative opportunity. They are working hard on developing the alternative solutions of various kinds. You should have been observed sometimes when the users are asked to pick 3 of the most attractive people out of the 9 pictures. This type of solution is interesting and a sort of fun to the users. This gives a better user experience than the traditional CAPTCHA, yet it is pretty worthless in the field by offering a real security.
As another approach, you are asked to the simple math or go though some simple questions like “what is known as man’s best friend ?”. There also some conditions when the users are not bound to crack the CAPTCHA that appears in the form of a question, you just have to skip it and analyze the response that comes in return. This system is also not a decent one as surely there will be a limited list of questions and the hackers are capable enough to develop a dictionary of correct answers so that they can feed the bots in the website.
Google has introduced another anti-bot alternative called re-CAPTCHA. They are pretty enthusiastic about it and proudly mention it as a fine technology to support digitize books. But for your information,the re-CAPTCHA also can be cracked with 23% accuracy. So it is just another alternative to frustrate the users.
Now this scene is “CAPTCHAs are irritating, they are not even very helpful and can be cracked easily”. Efforts are being made to develop a well balanced approach that provide basic security to prevent the generic bots still are far from CAPTCHA. As an experiment some new systems are launched that provide non-intrusive behavior analytical modeling with an inbuilt setting to recognize the non-human website traffic. Ellipsis is a remarkable name in this niche.
Though the spammers are a serious problem to deal with and they really need an effective technology to get under control, but CAPTCHA is not the solution for sure. Here is the need of a really good system that is free from friction and leave the internet as a fun experience to the users.