Sign in Subscribe
General

CAPTCHA - A sure-fire way to lose customers

Justin Hartman

2 min read

A CAPTCHA is a type of challenge-response test used in computing to ensure that the response is not generated by a computer. The process usually involves one computer (a server) asking a user to complete a simple test which the computer is able to generate and grade. Because other computers are unable to solve the CAPTCHA, any user entering a correct solution is presumed to be human. (via Wikipedia)

I really do consider myself an intelligent human being yet despite my own personal beliefs other websites simply don’t agree. For a long time I’ve struggled with CAPTCHA’s implemented on websites. Either I’m really dumb or the technology is flawed – I lean towards to later.

Let’s look at my latest example. Last night I went to Register.com to look for available domain names. Now I normally use GoDaddy for domain name squatting hunting but alas the last few days their search results have not been working properly so I decided to use the other giant.

When I tried to access the WHOIS details for a particular domain I was presented with a CAPTCHA – I guess in an effort to determine if I was a robot or a real human being – but after twenty unsuccessful attempts I simply had to give up the challenge-response test and succumb to the notion that I must be a robot/spammer/computer and not human after all.

After the first ten or so failures I decided to screenshot all my responses to the CAPTCHA images presented to me because I have to prove to myself that I am not a robot by getting your help on the matter. Here are my results.

Please can someone tell me where I went wrong…….?

The net-result is that Register.com will not be seeing any of my money any time soon and I can’t tell you how often this exact thing happens with CAPTCHA. I realise why a site like Register.com uses it, GoDaddy uses it too, but surely it could be easier for real people to pass the challenge-response test?

In 2005 the W3C Working Group wrote a paper on the Inaccessibility of CAPTCHA and there were some interesting findings. Most importantly they discovered that many of the CAPTCHA systems can be defeated by computers with between 88% and 100% accuracy and that all CAPTCHA effectively does is give site owners a false sense of security.

So if you implement a CAPTCHA system and are only able to achieve at best a 12% success rate in avoiding abuse of your system, then surely it’s time to implement other human verification methods?