Captcha

Was ist ein CAPTCHA?

CAPTCHA describes a spam protection method whose goal is to distinguish automatically generated input from human input and filter it out accordingly. CAPTCHA is an acronym and stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”. One of the best-known variants is the so-called reCAPTCHA from the US company Google, which is widely used on the web.

An example of frequently used captcha services: ReCaptcha. Here you confirm that you are a human by clicking in the checkbox.

Intended use

CAPTCHAs are mostly used when forms or other interactive elements require user input. Here, the CAPTCHA is included as an additional verification to distinguish users from bots and to prevent automatically created spam posts from spreading harmful content on the website. By successfully solving the CAPTCHA, the user can verify himself as a human and then submit the desired input. Today, this procedure is used in almost all areas where it is necessary to enter information. This is the case, for example, in registration forms for newsletters, communities and social networks. In the meantime, there are many methods for verifying a human user by means of CAPTCHA. Nevertheless, it is important to note that none of the established methods offers complete protection against spam. In addition, increasingly complex CAPTCHAs worsen the user experience.

Types of CAPTCHAs

Text-based CAPTCHAs

The text-based CAPTCHA is the oldest of the known methods. Using a combination of letters and numbers, a code is randomly generated, which the user must enter into a checkbox. This code is additionally alienated to make recognition by bots even more difficult. However, the protection provided by text CAPTCHAs is only reliable if the check code presented is alienated to such an extent that automatic recognition becomes impossible. If this is the case, however, readability for users may also be severely restricted.

Example of too much alienation in text captchas. Here, the user has to enter the alienated text in the field below to confirm that he is a human.

Acceptable level of alienation in text captchas leads to better usability. Here, the user has to enter the alienated text in the field below to confirm that he is a human. There is also an option to request a new CAPTCHA by the user clicking on the arrow icon.

Image-based CAPTCHAs

Image-based CAPTCHAs are the most common today. They are an alternative to text-based CAPTCHAs. Instead of the alienated code word, the user is shown an image interface with corresponding solution instructions. As a rule, everyday motives, e.g. photos from Google Maps, are used as image material, which can be recognized quickly. The user clicks on specific subjects according to the instruction or depicts a context. In general, image-based CAPTCHAs are said to be more protective than text-based ones, because the recognition and interpretation capabilities of depicted motifs are still severely limited for bots today. In contrast, human users usually recognize the solution of the image-based CAPTCHA in a few seconds.

Image captcha: The captcha with the widest distribution on the web. Here, the user selects certain images that belong to a given category.

Solving a typical image captcha step by step

Audio-based CAPTCHAs

While text- and image-based CAPTCHAs belong to the graphical identification methods, the audio-based CAPTCHA offers a new approach. This is justified by the fact that a person can only solve a text or image CAPTCHA if he or she has the corresponding visual ability. People with disabilities have no way to solve the CAPTCHA here. Therefore, website operators using CAPTCHA technology should include multiple senses of perception whenever possible as part of better usability for their users. This ensures accessibility for those who depend on it. This is why text and image CAPTCHAs are mostly used in combination with audio CAPTCHAs. Here, for example, the user is played an audio recording of a sequence of numbers, which is entered into the corresponding solution field.

Step-by-step solution of an audio-based captcha

Mathematical & logic CAPTCHAs

Another form of non-visual CAPTCHAs are mathematical and logic CAPTCHAs. These can also be used by people with impaired vision by outputting the task via a screen reader, for example. The user is usually presented with a simple mathematical task or logic question. Since this can also be read by spambots, the task is usually additionally alienated, e.g., by querying it as a number word or by additional input instructions for the calculation result. Logic CAPTCHAS follow the same pattern. The task itself is usually based on general knowledge or is related to the topic of the respective website.

Animation of the exemplary functioning of Math-CAPTCHAs

Gamification CAPTCHAS

A more recent development in the field of CAPTCHAs are so-called gamification CAPTCHAs. The background is to verify the user by using simple and entertaining mini-games. This way you prevent the user from bouncing because of unreadable or too complex CAPTCHAs. Here, mostly small puzzles or matching tasks are used, which challenge the user’s ability to associate.

Practical example from the implementation of gaminfication captchas. Here, an interaction between human and captcha is necessary, for example by pulling a knife through the cheese.

Advantages and disadvantages

Advantages

Using good CAPTCHAs can massively reduce the administration effort of the managed website, both in spam prevention and in simple server traffic.

Disadvantages

Nevertheless, you should know that research in the field of automatic recognition of texts, logical tasks and images is constantly improving. At the same time, new studies prove that solving CAPTCHAs can be difficult even for human users.

Therefore, you should always balance the area of website usability with the direct usefulness of the CAPTCHA as a spam filter:

Is the user able to easily solve the CAPTCHA technology used?
Is the possible loss of users due to poor usability more important than filtering spam?

CAPTCHA alternatives

Even though CAPTCHAs are very common nowadays and seem to be the standard, there are several alternatives worth mentioning. These may even be a better approach if necessary.

Blacklists:
Allow the complete blocking of interactions from a particular source. A blacklist is used to block all unwanted IP addresses or servers. If the list is supposed to be maintained automatically, services of popular anti-spam networks can be used, which keep it up to date and filter much of the malicious traffic.
Content filters:
Operate similarly to blacklists, but at the word level. The website operator creates “hot words” in a list. These are keywords that are usually used by spambots. However, the disadvantage here is that user content containing these keywords can potentially also be blocked.
Honeypots:
These correspond to spam traps for bots. Using CSS, input fields can be created in online forms that cannot be seen by human users. Since spambots usually only read the HTML code and automatically fill the corresponding form fields, it is possible to clearly distinguish which website users are human and which are not.
Server-side filtering:
Using technical data from the user agents, conspicuous user characteristics and behavior patterns within the website can be identified. In particular, by analyzing the volume of data requested and the speed at which it is entered, it is possible to distinguish between a normal user and a bot.

No CAPTCHA reCaptcha

As an alternative to Google’s widespread reCAPTCHA, the company has launched another CAPTCHA variant. “No CAPTCHA reCaptcha” consists only of a checkbox and usually does not need to be filled in by the user. Instead, Google performs an advanced risk analysis of the user in the background and finally decides on the basis of the result whether it is a genuine user. If this is the case, no further CAPTCHA is necessary. With the help of this upstream check, CAPTCHAs can be avoided, thus improving usability.
As with all Google services, however, the general conditions with regard to data protection should be discussed before use.

FAQs

What is a CAPTCHA field?

A CAPTCHA field is an element of a website with which humans can be distinguished from machines and verified. Mostly you can find this in contact forms or other information inputs on a website.

What does CAPTCHA mean?

CAPTCHA is an acronym and stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”.

What is a Google reCAPTCHA?

Google reCAPTCHA is a spam filtering service provided by Google LLC, and is used to distinguish humans from machines on the internet. The goal of the service is to prevent automated spam submissions to websites as effectively as possible.

Why do I need to confirm that I am not a robot?

Websites use CAPTCHA services to make sure that only real users interact on their pages. CAPTCHAs distinguish between humans and machines based on various data, and this usually requires solving a CAPTCHA. Newer services even allow this by simply confirming “I am not a robot”.

What is a CAPTCHA query?

A CAPTCHA query is a spam filter element on websites where information is entered. To ensure that this information comes from humans and does not contain automatically generated spam content, the author must verify himself as a human beforehand.

What is Math CAPTCHA?

Math CAPTCHA is a variant of CAPTCHA spam filtering services designed to distinguish human from machine. With Math CAPTCHAs, for example, users are presented with a math problem that they must solve before they can post content, for example.

What does protected by reCAPTCHA mean?

Protected by reCAPTCHA refers to the fact that the website uses spam filtering services that distinguish humans from machines, thus avoiding automatically generated spam content.