CAPTCHA systems easy to foil, security firm finds

Imperva study finds CAPTCHAs, designed to keep spambots off Web sites, can easily be broken by humans and can turn people away if they are difficult or annoying to complete.

Imperva report suggests using novel ways of keeping automated spambots off Web sites with CAPTCHAs that are games or animations. (Credit: Imperva)

Challenge-response techniques called "CAPTCHAs" designed to keep spambots off Web sites can easily be broken by humans who are paid to type in the responses, according to a new report from security firm Imperva.

CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. The challenges are generated by programs and are intended to be difficult for computers to solve.

"One of its inherent flaws today is that it can be easily bypassed by outsourcing it to human solvers for a very low cost," the study (PDF) says. "When the CAPTCHA is solved for the attacker by other humans, it doesn't matter how good it is at distinguishing humans from machines. Therefore, a CAPTCHA alone is not enough to guarantee the security and the content quality of the site."

Bad CAPTCHAs can also turn people away if they are difficult or annoying to complete. To avoid this, the report suggests creating mini-games or using CAPTCHAs only when there is suspicious behavior.
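One way a site could show a CAPTCHA only on suspicious behavior while not relying on it as the sole control, as an added example that is not from the Imperva report or this article. The signals (posting rate, form fill time), the thresholds and all names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW = 60.0           # seconds of history kept per client (assumed)
SOFT_LIMIT = 3          # posts per window before a CAPTCHA is demanded (assumed)
HARD_LIMIT = 10         # posts per window refused even with a solved CAPTCHA (assumed)
MIN_FILL_SECONDS = 2.0  # forms submitted faster than this look scripted (assumed)


class SubmissionGate:
    """Decide per request whether to allow, challenge, or block a form post."""

    def __init__(self):
        self._history = defaultdict(deque)  # client id -> timestamps of recent posts

    def decide(self, client, now, fill_seconds, captcha_solved=False):
        recent = self._history[client]
        # Drop posts that have aged out of the sliding window.
        while recent and now - recent[0] > WINDOW:
            recent.popleft()
        recent.append(now)

        # The volume cap applies even when the CAPTCHA was solved: a paid human
        # solver passes the challenge, so it cannot be the only control.
        if len(recent) > HARD_LIMIT:
            return "block"

        suspicious = len(recent) > SOFT_LIMIT or fill_seconds < MIN_FILL_SECONDS
        if suspicious and not captcha_solved:
            return "captcha"
        return "allow"


def replay(events):
    """Run constructed (client, time, fill_seconds, captcha_solved) events."""
    gate = SubmissionGate()
    return [gate.decide(*e) for e in events]


# Constructed sample traffic: one ordinary visitor, then a client posting every
# second whose challenges are always answered (for example by outsourced solvers).
SAMPLE = [("visitor", 0.0, 25.0, False)] + [
    ("bulk", float(t), 0.5, True) for t in range(12)
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", verdict)
```

The ordinary visitor never sees a challenge, while the bulk client is cut off by the rate cap even though every challenge it receives is answered correctly.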
