How Does CAPTCHA Work?

We’ve all had to confirm we’re not a computer when attempting to log into an account. This is the core purpose of what once was called CAPTCHA… the Completely Automated Public Turing test to tell Computers and Humans Apart. However, it seems surprising that computers don’t easily overcome these simple-seeming tests.

Let’s dig into why these simple tests actually are effective at differentiating between human users and automated bots.

Authentication Was Once Far from Perfect

You may remember the CAPTCHA tests of the past, where they were random sequences of distorted alphanumeric symbols. While this approach was once effective, advancements in technology ultimately switched the paradigm. Instead of humans being able to interpret the symbols that baffled computers, computers were able to identify codes that human beings had little hope of transcribing… particularly those with conditions that impacted their vision.

Making matters worse, spammers began outsourcing, paying workers 30 US cents for each 1000 CAPTCHAs they deciphered.

A Pioneer of CAPTCHA Also Invented reCAPTCHA

A Guatemalan native, Luis von Ahn studied at Duke and Carnegie Mellon University, after which he joined the latter’s School of Computer Science as a faculty member. Not only was he one of the initial creators of CAPTCHA in 2003, but he also spearheaded the development of reCAPTCHA in 2007 before selling it to Google in 2009. After this accomplishment, he cofounded Duolingo, the world’s largest online language-learning platform.

How Does reCAPTCHA Work?

You’re likely quite familiar with the reCAPTCHA box's circular arrow logo and simple “I’m not a robot” prompt. This test seems to be the simplest yet… all you have to do is check the box next to the prompt to confirm your humanity.

This test works by assuming that a human won’t be perfect, especially not compared to a computer asked to do the same thing.

For instance, let’s imagine that this page had a reCAPTCHA prompt on it. You’d have to move your cursor over to the reCAPTCHA field and check the box, as would a bot. However, if we were to compare your cursor movement to the bot’s, yours would be wobbly and imperfect, all at varying speeds, while the computer-controlled cursor would be precise and accurate, moving at a constant and consistent speed.

Make no mistake, the system may give you a more traditional CAPTCHA test if it is unsure based on your prior performance, but even that seems to be more of a mouse-tracking tool than a competency test… after all, even if you miss highlighting one of the squares with a roadway, it often passes human users.

These reCAPTCHAs also take the user’s browsing history into account, as this is one of the clearest ways to identify a human being amongst billions of bots.

Think about all the inane or trivial things you’ve Googled. A bot isn’t going to search for that, but someone legitimately using the search platform likely will have. This is one of the benefits of Google knowing what you do online. Lately, reCAPTCHAs have popped up that are completely automatic, relying solely on tracking information.

To Err is Human… So It’s Okay to Make a Mistake in reCAPTCHA

For all the other times you make a mistake, you can rely on RCL Systems. We help Texas businesses manage their mission-critical technology so they can accomplish more, more securely. Call us at (281) 240-2777 to learn more about what we do!