CAPTCHA If You Can: Is Your Web Site Secure?

Computers, it seems, are getting smarter every day. And most of the time, that’s a good thing. But when it comes to securing your company’s Web site, computers can cause a whole lot of headaches. Using computer applications commonly referred to as Web robots (“bots,” for short), spammers can sign up for thousands of e-mail accounts or create usernames and passwords to gain access to login-restricted Web sites. Then, in a fraction of the time it would take a human, bots fill e-mail inboxes and clutter Web sites with unwanted advertising, leaving Internet users to sort through overwhelming amounts of irrelevant data before they can find the information they’re seeking.

This was precisely the challenge Yahoo! faced in 2000, as its Web mail and chat rooms were overrun with spam. In order to stop spammers from signing up for more and more accounts, Yahoo! needed a tool to verify that its users were, in fact, human. Luis von Ahn, now a professor of computer science at Carnegie Mellon University (CMU) in Pittsburgh, was enrolled in CMU’s graduate program for computer science at the time. Together with his advisor and a team of other students, von Ahn took on Yahoo!’s challenge and set out to outsmart the bots. His solution? CAPTCHA, an acronym for “Completely Automated Public Turing Test to Tell Computers and Humans Apart.”

Now a staple of Web security from social networking sites to e-commerce, CAPTCHAs require users to transcribe a word that has been visually distorted. To the human eye, these words are typically very readable. But to computers using optical character recognition software, the wavy characters, often crossed by lines or shapes, are extremely difficult to decipher. And words are distorted at random using image editing software, so there is no unifying pattern for bots to uncover.

More recently, many companies have begun using reCAPTCHA, a newer version that requires users to transcribe two words in order to verify their identity. In addition to increased security benefits, reCAPTCHA is also contributing to a book digitization project whose goal is to make large amounts of difficult-to-find old texts available to the public via the Internet.

Von Ahn explains, “Whereas standard CAPTCHAs display images of random characters rendered by a computer, reCAPTCHA displays words taken from scanned texts.” One word whose spelling is known is displayed as a control word, and the user is asked to transcribe a second word that computer software has been unable to recognize. When enough users agree on the same transcription for a particular word, it is recorded and the digitization process continues. The natural degradation and texture of old paper offers an even higher level of protection against optical character recognition bots because it distorts text even more randomly than artificial distortion software does.

Free and secure, CAPTCHA can be implemented on any site to keep spammers out – and to ensure users’ privacy and safety online. Check out the Web projects in which we implemented CAPTCHA for Tippmann Sports and Mylan. CAPTCHA helps to keep Tippmann’s user forum, where paintball enthusiasts come to share knowledge and experience, safe from unwanted advertising posts. Likewise, Mylan’s “Contact Us” page uses CAPTCHA to make sure that all the e-mails the company receives are from legitimate human users, not spammers.

When it comes to Internet security, outsmarting computers is the key – and fortunately, humans still have the advantage. Now a standard around the world, CAPTCHA is a simple, efficient way to prevent spam – and it all started in Pittsburgh.