Commonly used as graphical representations of text in registration or comment areas, CAPTCHAs require a user to prove their human qualities by reading a distorted set of characters and enter them into a form. Although a great way to keep SPAM from filling up your site, they are not always user friendly or even secure. But there is hope.
Inaccessible and Unsecure?
In 2005, the World Wide Web Consortium (W3C) voiced their concerns with the widespread use of what is commonly known as CAPTCHA (Completely Automated Public Turing test to Tell Computers and Humans Apart).
The W3C argued that such graphical tests are unfair and impractical for users who are blind, visually impaired or dyslexic. Over time, CAPTCHAs have evolved to enable users to hear the characters presented visually, making is easier for some disabled users to prove that they are in fact human, and not bots. Still the W3C maintain that “CAPTCHAs fail to properly recognize users with disabilities as human.”
From a security vantage point, CAPTCHAs have also proven to be breakable. In 2008 cyber criminals found ways to break CAPTCHAs either automatically or by manual labor, allowing more spam to seep through CAPTCHA’s cracks. Many webmail service providers fought back, having increased the security of their CAPTCHA protection systems since 2008, which makes CAPTCHA harder to be broken.
Still users are aware of the fragility of site authentication thanks to a recent study by University of Cambridge researchers, which showed that most websites suffer from weak authentication standards and enabling bad password practices by users.
Improving Access and Security
Despite the many ways that CAPTCHA can limit user's access and compromise security, it’s still the most frequently used method to tell computers and humans apart. Several competitors have emerged over the past few years, but none posed much a threat. In 2008, Dries Buytaert announced a new startup called Mollom -- an automated content monitoring system.
Designed to store reported comment spam from participating sites, Mollum helps to stop spam across blogs, social networks or community websites. Though it doesn’t eliminate CAPTCHA from its equation, it helps to evaluate content quality and stop spam users can concentrate on building and improving their site, rather than weeding out spam from their comments. Mollum boasts that it currently protects 34,128 active websites, with an average efficiency of 99.89%.
Earlier this week, Mollum announced a version of the Mollom module for Drupal 7. The update fixes some annoying work-arounds necessary in Drupal 6. For instance, now it’s possible for form validation handlers to alter the form structure during form validation, rather than having to dynamically add a CAPTCHA when a post is suspicious and looks like spam to Mollom. Additionally, the new Mollom module allows easy and flexible integration with third-party Drupal modules.
From a web accessibility standpoint, Mollum helps to solve some of the concerns voiced by W3C years before. With Mollum, only a very small percentage of users will ever see (or hear) a CAPTCHA. By using intelligent filtering techniques, Mollum presents CAPTCHAs only to users posting suspicious content.
Another platform engaging CAPTCHA to identify authorized users from bots is Confident Technologies. Confident ImageShield aims to provide a more advanced layer of security by confirming that a person logging in to a secure site is who they say they are.
Confident ImageShield is an imaged based authentication system. By using strong authentication methods to protect individuals’ private data, Confident ImageShield makes it a strong solution for organizations needing to demonstrate compliance or other regulations pertaining to protecting private data.
Rather than forcing people to decipher warped and distorted characters or words Confident CAPTCHA, is an imaged-based version of text-based CAPTCHA. Confident CAPTCHA presents users with a grid of randomly-generated pictures and simply asks them to click on specific pictures to verify that they are human.
Additionally, Confident Technologies provides solutions that can be used to secure mobile devices, transactions or users for secure Web access, mobile payments and device protection. It also provides an audio CAPTCHA option for greater accessibility for the visually impaired or dyslexic users.
While it seems that CAPTCHAs are here to stay, that state of web accessibility and data security demand new ways of keeping safe and user-friendly. Though hardly a mainstream solution, Mollum and Confident CAPTCHA are viable options for those who wish not to compromise their users’ access or security.