Writing on the wall for complex CAPTCHAs
The often incomprehensible CAPTCHA security checks on websites could be on the way out following an innovation from researchers at the University of Buffalo.
CAPTCHA – short for Completely Automated Public Turing Test to Tell Computers and Humans Apart – are used to prevent bots infiltrating websites by mimicking human input, but often the squiggly numbers and letters displayed are illegible.
According to the scientists, frustrated consumers tend to leave websites if the CAPTCHA system refuses them entry more than once, potentially losing sales and traffic.
The answer, they say, is simple: handwriting.
“Here at the Center for Unified Biometrics, we’re the only ones who have proposed and thoroughly studied handwritten CAPTCHAs,” says Venu Govindaraju, lead scientist on the project.
Humans are good at reading handwriting, machines are not
“Our perspective is that humans are good at reading handwriting, machines are not. It comes naturally to humans. But computer scientists typically consider handwriting a hopeless case, until someone comes along and shows them that it isn’t.”
The idea is that websites could use whole words based on joined-up writing rather than random computer-generated letters that are distorted and disguised to fool bots.
“We have a huge database of thousands of handwriting samples and we can choose a letter from several to make a CAPTCHA that can still be read when they are joined up,” said Govindaraju.
Using the system to generate CAPTCHAs automatically from a central computer, websites could serve up an almost infinite number of words that would be easily readable to humans, but impossible for computers.
Website owners could also set the level of difficulty for CAPTCHAs, depending on the desired level of security.
“We have a program that reads the words to see how easy it is for a computer, and a metric that can gauge how easy it is to read for humans,” said Govindaraju.
“A website can set the difficulty level so that, say, only one CAPTCHA in 10,000 is too difficult for humans to read, but that might be easier for computers to read, too. An e-commerce site would want to be easier to get into than a nuclear facility.”
There are no immediate plans to release the system as yet, although a research student working on the project has been snapped up by Yahoo.
However, the scientists haven’t ruled out a commercial product.