In the era of modern technology which involves automation, CAPTCHA code is a big contribution towards improving the web security and ensuring genuine access. This article will discuss what a CAPTCHA Code is, How does a CAPTCHA Code works, How it is designed, its types, applications, advantages and disadvantages.
CAPTCHA codes were developed in response against attacks issued by automated programs. Several programs, software have been developed that mimic the act of a human being like entering data into systems, generating and sending responses automatically. It is a tedious task for the websites to differentiate if a human is seeking its service or a machine. CAPTCHA-codes have helped the websites immensely to provide access and services to a genuine user.
Fig. 1 – Introduction to CAPTCHA Code
What is a CAPTCHA Code
CAPTCHA Code is a short phrase used for “Completely Automated Public Turing test to tell Computers and Humans Apart”. Web applications use CAPTCHA Code techniques as a security mechanism to provide reliable and secured services to its users. CAPTCHA’s help services to distinguish legitimate users from computer bots.
“Bots” are computer programs that are designed to work automatically like leaving spam in website comments, posting news on social media like Twitter, sending overwhelming sign-up requests on a site etc. CAPTCHA-Code is a type of test or a task which is very simple for humans but difficult for bots.
Fig. 2 – An example of a Text Based CAPTCHA Code
A user has to complete the task to avail the services of a particular website. The main aim of CAPTCHA Code is to prevent spammers and automated software tools that automatically use web-services.
The most common, typical CAPTCHA Code is a text based image with distorted letters of different fonts, blurry or confusing backgrounds with random lines. The user is asked to re-enter the letters or numbers to obtain services. If the user fails, then the access is denied.
What is Re-CAPTCHA Code
In the recent years, a new CAPTCHA’s system emerged which was taken over by Google in the year 2009. This system is known as Re-CAPTCHA. Re-CAPTCHA has successfully helped in controlling spam along with digitizing books into archives which are impossible for the computers to scan. Re-CAPTCHA can display about 100 million CAPTCHA’s everyday on different websites.
Fig. 3 – Re-CAPTCHA Evolved by Google
How does a CAPTCHA Code Works
CAPTCHA technique is basically a challenge response test which involves a computer (server) initiating a task for the user to complete. If the user completes it successfully then the user is considered as “human” else it is treated as a “web-bot”.
Figure below shows the flow chart of a simple text-based CAPTCHA codes. When the user loads a website or try to avail the services by that particular website, a CAPTCHA codes option appears on the screen and the user has to enter the correct information in the textbox provided and clicks on the submit button.
Fig. 4 – Flowchart of a Text Based CAPTCHA Codes
This action initiates the validation process in the server where the text, the user has entered is matched with the information in the database. If the result matches, then the user is considered legitimate else it is perceived as a “bot” or illegal user and is redirected to the home screen denying the website access.
How is CAPTCHA Code Designed
CAPTCHA code is a series of characters and numbers randomly generated using multiple randomizing functions to make sure that the string/code generated is not vulnerable to dictionary attack.
The CAPTCHA code has a length of minimum 6 alpha-numeric characters. Image processing techniques are applied to handle multiple font sizes and to rotate the string of characters at various angles. Characters or images are split into parts which can be recognized by humans and not by software programs.
Splitting the characters make the string look disoriented which is difficult for the bots to speculate the start and end of an image or a text. For example: the letter “W” can be split in to “V” and “I”. Lines are added randomly to prevent segmentation and to make the text look more distorted/garbled. Background is added in similar colors. Figure below shows the different steps involved in designing a CAPTCHA code.
Fig. 5 – Steps of Designing a Text Based CAPTCHA
Types of CAPTCHA Code
CAPTCHA Codes are categorized into four categories to suit and serve different group of users. They are:
- Text Based CAPTCHA Codes
- Audio Based CAPTCHA Codes
- Image Based CAPTCHA Codes
- Video Based CAPTCHA Codes
Text Based CAPTCHA Code
Text based CAPTCHA codes is represented in the distorted form of case-sensitive letters, lines and digits. Text-based CAPTCHA’s are deployed in popular web-sites like Yahoo, Gmail, YouTube, PayPal etc.
Types of Text-based CAPTCHA codes includes Gimpy, Baffle-Text and MSN-CAPTCHA.
Fig. 6 – Text Based CAPTCHA Code
Audio Based CAPTCHA Code
Audio Based CAPTCHA Codes are sound-based programs which are designed for the users who cannot see clearly or who do not want to use text-based CAPTCHA code. It has on-line audio-clips and as a part of the task, the user should listen, type and submit the word. To make the task more robust , back ground noises are attached to the audio files.
Fig. 7 – Audio Based CAPTCHA Codes
Image Based CAPTCHA Code
In the Image-based CAPTCHA code, the users have to choose the images that have some similar properties. Pix and Bongo CAPTCHA are some of the types of Image-based CAPTCHA Codes .
Fig. 8 – Image Based CAPTCHA Code
Video Based CAPTCHA Code
A video based CAPTCHA code is also called moving image-object recognition technique where the user has to tag three keywords that describes the video.The response is validated against the database and checks if the keyword matches with the description provided in the database.
Fig. 9 – Video based CAPTCHA Code
Applications of CAPTCHA Code
The applications of CAPTCHA Codes include:
- Helps in reducing comment spam.
- Online polling sites.
- Web registration services.
- Financial transactions.
- Reducing Bots on social media.
- Online gaming sites.
- Short messaging services (SMS)
Advantages of CAPTCHA Code
The advantages of CAPTCHA Codes include:
- Text- based CAPTCHA’s are easy to implement and hence it’s widely used in websites.
- Dictionary attack is considerably reduced using Battle Text-based CAPTCHA.
- Re-CAPTCHA technique uses new dictionary words and optical character recognition fails to break this program.
- Image- based CAPTCHA’s are easier than Text-based as it does not require typing. It requires selecting the images which is simple.
- Image-based CAPTCHA is more secure than Text-based CAPTCHA.
- Audio-based CAPTCHA’s are very useful for visually impaired users.
Disadvantages of CAPTCHA Code
- The disadvantages of CAPTCHA Codes include:
- Optical character recognition (OCR) can break Text-based CAPTCHA’s posing security threats.
- Text- based CAPTCHA’s are not beneficial for the users having vision issues.
- Image-based CAPTCHA’s require large image databases which increases the load on the server.
- Random guessing attack can break the image-based program.
- Speed of the video in video-based CAPTCHA may be slow and the process may be time consuming.
- Audio-based CAPTCHA’s can be accessed by the users who possess comprehensive English vocabulary.