We all are familiar with a situation while using the internet, for instance, while visiting web pages or just before downloading something, where we need to pass a simple test in order to proceed further which is by the way annoying to some people.
Anyway, the test I have mentioned above is called reCAPTCHA which is actually a very specific application of a system called a Completely Automated Public Turing test to Tell Computers and Humans Apart, briefly known as CAPTCHA. It is a way to distinguish between human intelligence and computer or automation.
reCAPTCHA was first developed by Luis Von Ahn and his associates from Carnegie Mellon University, Pittsburgh. This drew the attention of the tech giant Google. Then this technology was bought by Google in the month of September 2009.
But reCAPTCHA is a free service provided by Google to protect various kinds of websites from spam or abuse.
In this article, I am going to talk about this technology as much as possible within my grasp. I will also talk about why do we need it and how many types and versions do it have.
What is reCAPTCHA?
As I have told before it is a free service provided by Google to protect various websites from spam or abuse. ReCaptcha is a guess-based authentication system, unlike biometrics. It is a simple test where a certain problem appears, for instance finding a hand full of pictures among others or typing some weird word from a picture of really bad handwriting which may be stroked out by a line.
Point is the test is very easy, even for a kid but an automated bot or computer program will find a hard time solving it. In fact, it is almost impossible for a bot to solve. Because bots are programmed to operate logically governing by the input what they receive from that certain website.
But the reCAPTCHA provides the data in such a way that a bot does not understand from a logical point of view and neither receives any valid input based on which they might operate and proceed further.
This is why we see reCAPTCHA as a visual or audible puzzle most of the time because bots do not have eyes and ears like humans. In this case, humans make decisions based on what they see or hear in the puzzle or picture or audio note but bots cannot make any decision because they cannot perceive visual or audible information and process that like humans. This makes spamming using bots very very difficult when reCAPTCHA is installed as an anti-spam system.
Can ReCAPTCHA Prevent DDoS Attack?
reCAPTCHA also provides valuable protection against DDoS attacks on websites. But it is not reliable because if the server is overloaded due to DDoS disables the server to load reCAPTCHA then there will be a security breach.
As DDoS is a far more advanced spam attack it requires some additional measures to provide complete protection, for instance, DDoS protection by Cloudflare and so on.
Why Does Recaptcha Appear in Some Web Pages While, Not in Others?
Well, not on every web page you see a reCAPTCHA checkbox. It is implemented on some sensitive pages only that requires protection from spam or abuse.
You may sometime see the reCAPTCHA checkbox while using the Google search engine. This checkbox appears when the user’s computer network sends an automated request to Google. It is against their Terms of Service.
Another reason may trigger this safety measure if two device uses the same IP address or the device makes very quick responses that are not possible by human beings. Even using a proxy server may not prevent it.
This may also be caused by malicious software, or scripts or terms so advanced that only bots use.
Types of CAPTCHA
reCAPTCHA is much more user-friendly and version of CAPTCHA or should I say reCAPTCHA is a very specific application of CAPTCHA. In order to understand reCAPTCHA we also need to know about CAPTCHA. Here in this section of this article, I am going to talk about various types of CAPTCHA. They are as follows:
1.No CAPTCHA reCAPTCHA
A few years back the reCAPTCHA became very annoying and a waste of time for most of the people. Google then improved the reCAPTCHA and made it invisible to users. This invisible version of reCAPTCHA is now rolling in the cyber world.
This is the type of CAPTCHA where the blurry image or visual puzzle is used to distinguish between human intelligence and bots.
The only human brain can make sense out of that puzzle which makes it very difficult for bots to solve it.
Research has shown that math problems are one of the most effective ways to stop spam and abuse. Developers can choose simple math puzzle to a bit of advanced math problem which is solvable by human brains only.
4. Honeypot CAPTCHA Method
We all know that bots exist to do our work automatically. The honeypot method lures the bot to fill up a CAPTCHA test automatically while remaining invisible to the user. As bots tend to do things automatically, they get fooled and fills up the CAPTCHA test automatically and get caught.
However, this is not viable for cases where browsers tend to do things without asking permission of the user.
5. Text Message Verification
This is one of the most trustworthy CAPTCHA systems. Where suspicious activity triggers a safety measure where the website sends a text message containing a specific code to the corresponding user’s email or phone number and if that code is entered correctly on the website then the user is allowed to proceed further.
This is more of a security measure than CAPTCHA used by different apps and gaming servers.
6. Biometric Security
This is also one of the most foolproof security measures. Most of the modern device has a fingerprint scanner and camera with facial recognition system. This also allows preventing bot form from gaining access. This also more of a security measure than a CAPTCHA system.
Versions of reCAPTCHA
The very first version of reCAPTCHA is reCAPTCHA V1 where a simple checkbox “I am not a robot” was used to distinguish between humans and computers.
Then it was upgraded to reCAPTCHA V2. It first gives the user a checkbox like the V1. Bots tend to click exactly in the center of the checkbox where human clicks more imprecisely and arbitrarily. Thus the reCAPTCHA system detects whether its human or bot.
If it is likely to be a human it passes away and if it is likely to be bot it gives a puzzle or test to solve which then determines more accurately whether it’s a bot or human.
reCAPTCHA V3 also works in the same way as V3 but instead of interacting with the user it anonymously monitors the user on a deeper level and determines whether it is a bot or human.
reCAPTCHA played a very important role to keep cyberspace free from spam and abuse. Advanced algorithms and bots are being created to cheat reCAPTCHA and other safety measures against unethical hacking and spam. So, the CAPTCHA technology should also get evolved to cope with new threats.