CAPTCHAs Are Becoming Security Theater


Google doesn't even need us to prove our humanity anymore, which is a good thing, because they can simulate it now.

CAPTCHAs are a time-worn way for humans to tell computers that we are human. They are those little boxes filled with distorted text that we've been told humans can decipher, but computers—the bad guys' computers—cannot. So, Watson-be-damned, we enter the letters and gain access to whatever is behind the veil, leaving the bad bots steaming outside the pearly, CAPTCHA'd gates. As Google's ReCAPTCHA website puts it: "Tough on bots, easy on humans."
 
Full Article

11 replies

Userlevel 7
CAPTCHA, though often being marginalized and not liked by the users, still constitutes one of the essential elements of strengthening security number. We should remember about it.
It's a nice and interesting article :D
Many thanks Jasper!!
Userlevel 7
They've been pretty useless for a long time, since you can now pay pennies to have some poor soul in a country with cheap labor solve them for you:
http://www.deathbycaptcha.com/
Userlevel 7
Personally, I hate them with a passion.  Now with my new specs, (the old reading glasses were failing) maybe I will discern the blurred stuff a bit more easily, but I still cannot stand it when they are ambiguous enough that it takes me several times to get past it.
 
This also applies to changing my WSA settings....  I do lock it down that you must be an admin, etc etc etc, but I DO disable the Captcha.  
 
Sorry guys, I know that reduces my WSA's security, but it makes MY life a LOT easier LOL
Userlevel 7
The way you do it now is requiring SMS verification of an account, but people don't like that very much.
Userlevel 7
@ wrote:
The way you do it now is requiring SMS verification of an account, but people don't like that very much.
I'm actually ok with verification, either by SMS or email, as long as it is instant and I don't have to wait around.  
Userlevel 7
Two-way authentication...phooey...THREE-way authentication is the way ahead...if you believe the pundits...but the more one secures the more inconvenient it becomes and the less likely normal users are to bother to do it.
 
It is just the good old Security Conundrum...;)
Userlevel 7
How about four-way authentication??
Userlevel 7
@ wrote:
How about four-way authentication??
Not come across any references to that one yet...but I suspect that it is only a matter of time...after all...that is what they call progress, n'est-ce pas? ;)
Userlevel 7
Still waiting for Webroot to figure out 2 factor. :8
Userlevel 7
You know explanoit, perhaps they should consider the advancing technology and start working on three-way, whilst it is still current...;)
Userlevel 7
Well the truth of the matter is that whatever security measures are brought in, ways will be found to get around them so the measures we take will always have to evolve. BUT as Baldrick points out though, too complicated and the average user will not bother.
