Listen up, Web surfers: The next time you comment on a blog or check e-mail, you just might get an earful to determine if you’re a human.
That’s because CAPTCHAs, those tests where users must identify distorted letters in order to gain entry to a website, are going multimedia, according to new research by Imperva, a security firm.
Most of us have seen CAPTCHAs, which refer to a Completely Automated Public Turing test to tell Computers and Humans Apart. They often appear when you try to log into government and financial-services sites, as well as blogs and the comment sections of Web sites. They serve a valuable purpose: separating automated requests from those by humans, which keep robots out and allow real people in.
However, in recent years, hackers and spammers have gotten better at beating CAPTCHAs. They’ve written computer programs that automatically decode the letters, or they’ve outsourced the work to people in developing countries who might be paid a few dollars for solving thousands of the tests. The result is that many sites that rely on CAPTCHAs have more spam and hacking attacks.
Some sites are now responding to that by taking novel approaches to protect themselves. One involves playing an audio clip for users and asking them to type out what’s said, a so-called audio CAPTCHA, according to Imperva.
That’s what the Brazilian government’s tax site implemented to prevent too many users from flooding its servers, according to Imperva. The site plays a clip of two male voices speaking at the same time, and the user is required to type only the numbers that are spoken, or he or she can’t proceed.
While creative, the effectiveness of this method is debatable.
Many blind users, who should get the most value from such an approach, weren’t able to complete the audio CAPTCHA without assistance, according to a study. Even non-blind users had trouble. Plus, computers are remarkably good at learning how people speak, and when simple words and few voices are used, humans and computers can get the answers to audio CAPTCHAs correct about the same percentage of the time, according to research from Carnegie Mellon University.
That raises the question about whether the implementation of audio CAPTCHAs is worthwhile since they could actually “expose the site to greater risk at the expense of usability,” according to Imperva.
The company suggests using complicated words, multiple voices and background noise that is as natural as possible, which can make it harder for computers to pass the test.
But what if it also makes it harder for humans?
Beyond the audio challenge, other sites are experimenting with games, logic tests and different visual challenges that require a high level of human intuition.
Many of us have had the experience of getting a typical CAPTCHA question wrong multiple times before giving up and navigating to another site. How sites strike a balance between foiling attackers and gaining users could mean the difference between having happy customers or ones ready to give you an earful.