Why are CAPTCHAs getting harder to crack?

Never before have we been asked about proving that ‘I’m not a Robot.’ or the time when we need to ‘Click the image that contains the hill’ or just enter the secret key. Read a collection of letters and numbers that make sure we are real people and not bots to try on accessing the system.

This test is called CAPTCHA, an acronym for the Fully Automated Public Turing test to differentiate computer and human. These tests protect websites, accounts by generating tests or puzzles that humans can pass, but bots cannot. While a CAPTCHA does not prevent malware infection or network intrusion by professional rogues who can hire human decoders, it can defeat common hackers.

Although earlier CAPTCHAs consisted of distorted letters, numbers and words but the new versions showed different types of images. Of late, this image requires 2-3 times verification. So, what makes ‘I’m not a Robot’ easily transformed into a weird image grid?

The Evolution of CAPTCHA

According to the Carnegie Mellon University of Pittsburgh website, the researchers developed the first CAPTCHA for Yahoo to prevent automated programs from providing free email accounts quickly that would be used to pump spam.

In 2014, when Google tossed one of its machine learning algorithms against humans in solving the most distorted text CAPTCHAs, it found that computers got 99.8 percent correct tests at the time, while humans got only 33 percent.

This led to Google switching to NoCaptcha ReCaptcha, that observes user data and behavior to allow some humans to go through it with a single click of the “I’m not a robot” button and assign image labels to others, which we see today.

Threats by Boats

It is expected that these CAPTCHAs will become increasingly complex and intricate when bots get smarter and better at recognizing them. Although bots can read text, they cannot recognize images, so to overcome CAPTCHAs, spammers often turn to optical character recognition (OCR) software that scans documents into editable text, helping bots bypass scrutiny tests. Additionally, some companies offer to pay people to crack a CAPTCHA for US $ 2 or less per crack.

Proposed Solution

Nan Jiang, a lecturer in human-computer interaction at Bournemouth University, said, “There’s always a battle between usability and security.”

To overcome this problem, many alternatives have been proposed. These include CAPTCHAs based on nursery rhymes common in areas where the users are said to have grown up, CAPTCHAs for indexing ancient petroglyphs and more.

In 2016, Google announced Invisible reCaptcha which will use the Advanced Risk Analysis algorithm. In this case, Google’s AI system looks for signs of human behavior by running in the background, detects mouse cursor movement, the length of time it takes for a user to click on a page and removes ‘I’m not a robot box’ from a webpage. It also scores traffic according to the appearance of suspicious user activity. Other authentication methods include two main authentications, answering generic questions set by the user themselves, a password and so on.


Although CAPTCHAs successfully minimize spam comments, prevent fake registrations, it is still not an easy solution. Moreover, it does not help the visually impaired and can result in a bad experience for users by interfering with their activities.

So until we find or create a better solution or the latest version of the CAPTCHA that is unbreakable and secure, researchers need to keep trying for the websites to have an extra layer of security. So, in the meantime, these concavely generated numbers and images are our best bet.

Credit to: https://bit.ly/31cFcyS

Leave a Reply

Your email address will not be published. Required fields are marked *