Is it the bad of CAPTCHA or we misunderstand CAPTCHA a lot ourselves?
When people say CAPTCHA is outdated or obsolete, does it mean they already have an alternative product in mind? Probably because most current products cannot satisfy their needs. People are fed up wasting time and energy going through boring challenges time and time again. The notorious stereotype of CAPTCHA exists, especially when people see the truth that most advanced bots still achieve their goals. It seems quite urgent to find a new revolutionary product to overturn the situation. However, the truth is, till now we have not found a perfect tool to replace CAPTCHA. Or it’s time we need to think more deeply about CAPTCHA.
Let us review what CAPTCHA means exactly. CAPTCHA means Completed Automated Public Turing test to tell Computers and Humans Apart. A Turing Test is a method of inquiry in artificial intelligence (AI) for determining whether a computer can think like a human being. In CAPTCHA case, a simple judge that if it is human or machine will be made through answering questions.
Just as Alan Turing himself raised the question in the Mid-20th century that “Can machines think?”, nowadays, growing sophistication of artificial intelligence and machine learning makes images, texts, and voice recognition challenges useless. When we are trying to make the tests more difficult for machines(bots), we end up making it harder for people.
Could we think outside of the box? Can we pursue a better CAPTCHA?
Balance Using Experience and Anti-cracking Property
In the year of 2012, a graduate of Wuhan University came up with the original idea of a slide puzzle CAPTCHA. The design did not annoy end users that much. Sometimes it even brought small happiness to people when they fulfilled the puzzle. Soon the idea was realized technically and hit the market successfully. This overnight success did not rely on a robust defense system in the first beginning, frankly speaking. It was the slide puzzle idea relying on behavioral analysis lighted the eyes of end users. The most important lesson that should be learnt was that Never Forget User Experience Is Important.
The simple design with basic algorithms was good enough in the initial stage. However soon attacks arrived. The hacker audience grew simultaneously with the real end users. A professional team was built gradually from several passionate geeks. On the surface, it was based on analyzing the behavioral features, not cognitive thinking pattern, to tell machines from human beings. Internally the defense system kept evolving to maintain a sustainable anti-cracking property from many different aspects. This new product enriched the definition of CAPTCHA. For CAPTCHA hackers, the new working system created a different moat and increased their costs which impeded them to make the attack. Basically, the true purpose of CAPTCHA vendor was not stopping every bot attack. By making their attacks not commercially successful will get them disappear naturally. During the constant war of attack and defense, updating the inner models and challenge resource pool, and getting faster and deeper understanding over adversaries’ strategies could be very essential against CAPTCHA farms and smarter AI. A professional security defense team would made contributions behind the simple CAPTCHA challenges.
As a cyber security product, a constant war cannot be avoided. It needs to cope with adversaries who are trying to beat it at all the time, A smart product will never create a war with the end users. On the contrary, it will enhance its own inner security defense system and provide fluent using experience as its principle. For an ordinary net user, they do not have to feel the growing complexity of AI.
If you know a tool as light and efficient as a CAPTCHA against bot attacks, welcome to discuss with me.
