Was ist ein CAPTCHA?
CAPTCHA describes a spam protection method whose goal is to distinguish automatically generated input from human input and filter it out accordingly. CAPTCHA is an acronym and stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”. One of the best-known variants is the so-called reCAPTCHA from the US company Google, which is widely used on the web.
CAPTCHAs are mostly used when forms or other interactive elements require user input. Here, the CAPTCHA is included as an additional verification to distinguish users from bots and to prevent automatically created spam posts from spreading harmful content on the website. By successfully solving the CAPTCHA, the user can verify himself as a human and then submit the desired input. Today, this procedure is used in almost all areas where it is necessary to enter information. This is the case, for example, in registration forms for newsletters, communities and social networks. In the meantime, there are many methods for verifying a human user by means of CAPTCHA. Nevertheless, it is important to note that none of the established methods offers complete protection against spam. In addition, increasingly complex CAPTCHAs worsen the user experience.
Types of CAPTCHAs
The text-based CAPTCHA is the oldest of the known methods. Using a combination of letters and numbers, a code is randomly generated, which the user must enter into a checkbox. This code is additionally alienated to make recognition by bots even more difficult. However, the protection provided by text CAPTCHAs is only reliable if the check code presented is alienated to such an extent that automatic recognition becomes impossible. If this is the case, however, readability for users may also be severely restricted.
Image-based CAPTCHAs are the most common today. They are an alternative to text-based CAPTCHAs. Instead of the alienated code word, the user is shown an image interface with corresponding solution instructions. As a rule, everyday motives, e.g. photos from Google Maps, are used as image material, which can be recognized quickly. The user clicks on specific subjects according to the instruction or depicts a context. In general, image-based CAPTCHAs are said to be more protective than text-based ones, because the recognition and interpretation capabilities of depicted motifs are still severely limited for bots today. In contrast, human users usually recognize the solution of the image-based CAPTCHA in a few seconds.
While text- and image-based CAPTCHAs belong to the graphical identification methods, the audio-based CAPTCHA offers a new approach. This is justified by the fact that a person can only solve a text or image CAPTCHA if he or she has the corresponding visual ability. People with disabilities have no way to solve the CAPTCHA here. Therefore, website operators using CAPTCHA technology should include multiple senses of perception whenever possible as part of better usability for their users. This ensures accessibility for those who depend on it. This is why text and image CAPTCHAs are mostly used in combination with audio CAPTCHAs. Here, for example, the user is played an audio recording of a sequence of numbers, which is entered into the corresponding solution field.
Mathematical & logic CAPTCHAs
Another form of non-visual CAPTCHAs are mathematical and logic CAPTCHAs. These can also be used by people with impaired vision by outputting the task via a screen reader, for example. The user is usually presented with a simple mathematical task or logic question. Since this can also be read by spambots, the task is usually additionally alienated, e.g., by querying it as a number word or by additional input instructions for the calculation result. Logic CAPTCHAS follow the same pattern. The task itself is usually based on general knowledge or is related to the topic of the respective website.
A more recent development in the field of CAPTCHAs are so-called gamification CAPTCHAs. The background is to verify the user by using simple and entertaining mini-games. This way you prevent the user from bouncing because of unreadable or too complex CAPTCHAs. Here, mostly small puzzles or matching tasks are used, which challenge the user’s ability to associate.
Advantages and disadvantages
Using good CAPTCHAs can massively reduce the administration effort of the managed website, both in spam prevention and in simple server traffic.
Nevertheless, you should know that research in the field of automatic recognition of texts, logical tasks and images is constantly improving. At the same time, new studies prove that solving CAPTCHAs can be difficult even for human users.
Therefore, you should always balance the area of website usability with the direct usefulness of the CAPTCHA as a spam filter:
- Is the user able to easily solve the CAPTCHA technology used?
- Is the possible loss of users due to poor usability more important than filtering spam?
Even though CAPTCHAs are very common nowadays and seem to be the standard, there are several alternatives worth mentioning. These may even be a better approach if necessary.
Allow the complete blocking of interactions from a particular source. A blacklist is used to block all unwanted IP addresses or servers. If the list is supposed to be maintained automatically, services of popular anti-spam networks can be used, which keep it up to date and filter much of the malicious traffic.
- Content filters:
Operate similarly to blacklists, but at the word level. The website operator creates “hot words” in a list. These are keywords that are usually used by spambots. However, the disadvantage here is that user content containing these keywords can potentially also be blocked.
These correspond to spam traps for bots. Using CSS, input fields can be created in online forms that cannot be seen by human users. Since spambots usually only read the HTML code and automatically fill the corresponding form fields, it is possible to clearly distinguish which website users are human and which are not.
- Server-side filtering:
Using technical data from the user agents, conspicuous user characteristics and behavior patterns within the website can be identified. In particular, by analyzing the volume of data requested and the speed at which it is entered, it is possible to distinguish between a normal user and a bot.
No CAPTCHA reCaptcha
As an alternative to Google’s widespread reCAPTCHA, the company has launched another CAPTCHA variant. “No CAPTCHA reCaptcha” consists only of a checkbox and usually does not need to be filled in by the user. Instead, Google performs an advanced risk analysis of the user in the background and finally decides on the basis of the result whether it is a genuine user. If this is the case, no further CAPTCHA is necessary. With the help of this upstream check, CAPTCHAs can be avoided, thus improving usability.
As with all Google services, however, the general conditions with regard to data protection should be discussed before use.
What is a CAPTCHA field?
A CAPTCHA field is an element of a website with which humans can be distinguished from machines and verified. Mostly you can find this in contact forms or other information inputs on a website.
What does CAPTCHA mean?
CAPTCHA is an acronym and stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”.
What is a Google reCAPTCHA?
Google reCAPTCHA is a spam filtering service provided by Google LLC, and is used to distinguish humans from machines on the internet. The goal of the service is to prevent automated spam submissions to websites as effectively as possible.
Why do I need to confirm that I am not a robot?
Websites use CAPTCHA services to make sure that only real users interact on their pages. CAPTCHAs distinguish between humans and machines based on various data, and this usually requires solving a CAPTCHA. Newer services even allow this by simply confirming “I am not a robot”.
What is a CAPTCHA query?
A CAPTCHA query is a spam filter element on websites where information is entered. To ensure that this information comes from humans and does not contain automatically generated spam content, the author must verify himself as a human beforehand.
What is Math CAPTCHA?
Math CAPTCHA is a variant of CAPTCHA spam filtering services designed to distinguish human from machine. With Math CAPTCHAs, for example, users are presented with a math problem that they must solve before they can post content, for example.
What does protected by reCAPTCHA mean?
Protected by reCAPTCHA refers to the fact that the website uses spam filtering services that distinguish humans from machines, thus avoiding automatically generated spam content.