Writing on the wall for complex CAPTCHAs
By Stewart Mitchell
Posted on 15 Oct 2010 at 14:55
The often incomprehensible CAPTCHA security checks on websites could be on the way out following an innovation from researchers at the University of Buffalo.
CAPTCHA - short for Completely Automated Public Turing Test to Tell Computers and Humans Apart - are used to prevent bots infiltrating websites by mimicking human input, but often the squiggly numbers and letters displayed are illegible.
According to the scientists, frustrated consumers tend to leave websites if the CAPTCHA system refuses them entry more than once, potentially losing sales and traffic.
The answer, they say, is simple: handwriting.
"Here at the Center for Unified Biometrics, we're the only ones who have proposed and thoroughly studied handwritten CAPTCHAs," says Venu Govindaraju, lead scientist on the project.
Humans are good at reading handwriting, machines are not
"Our perspective is that humans are good at reading handwriting, machines are not. It comes naturally to humans. But computer scientists typically consider handwriting a hopeless case, until someone comes along and shows them that it isn't."
The idea is that websites could use whole words based on joined-up writing rather than random computer-generated letters that are distorted and disguised to fool bots.
"We have a huge database of thousands of handwriting samples and we can choose a letter from several to make a CAPTCHA that can still be read when they are joined up," said Govindaraju.
Using the system to generate CAPTCHAs automatically from a central computer, websites could serve up an almost infinite number of words that would be easily readable to humans, but impossible for computers.
Website owners could also set the level of difficulty for CAPTCHAs, depending on the desired level of security.
"We have a program that reads the words to see how easy it is for a computer, and a metric that can gauge how easy it is to read for humans," said Govindaraju.
"A website can set the difficulty level so that, say, only one CAPTCHA in 10,000 is too difficult for humans to read, but that might be easier for computers to read, too. An e-commerce site would want to be easier to get into than a nuclear facility."
There are no immediate plans to release the system as yet, although a research student working on the project has been snapped up by Yahoo.
However, the scientists haven't ruled out a commercial product.
From around the web
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Is Microsoft mismanaging Windows on ARM?
- Dealing with spam surrogates
- Why 3G broadband can be better and cheaper than ADSL
- Is Twitter bad for business?
- Publishing your email address isn't a security disaster
- Why you'll need a fax machine to develop iOS apps
- Learning to adapt to the mobile web
- Why you shouldn't use WPS on your Wi-Fi network
- Disabled users suffer when software breaks the rules
advertisement
