Battling the Bots With Next-Gen CAPTCHA
WHY YOU SHOULD CARE
Because a secure Internet should not be an annoying place to navigate.
By Vignesh Ramachandran
How often does this happen: You’re visiting a website when suddenly a box pops up and you’re asked to type in an illogical, and hard-to-read, string of letters to verify that you’re human?
All too often, right? And it’s frustrating when we can’t properly get past this annoying security feature. I’m human, gosh darnit.
The idea behind these programs, called “CAPTCHA” — for Completely Automated Public Turing Test To Tell Computers and Humans Apart — is essentially to prevent robots from taking over the World Wide Web. Spammers and other digital criminals ruin it for everyone else by trying to auto-fill forms or trespass on password-protected sites with programs that can submit millions of form attempts in automated attacks.
But thankfully, researchers at the University of Alabama at Birmingham have come up with a better idea for battling the bots: Design simple puzzles that only humans can solve and make the whole process easier and far more engaging.
We’re not talking Sudoku here, but instead of having to copy a series of distorted letters for a text-based CAPTCHA, you would play a quick drag-and-drop game that proves you’re human. The games are not unlike preschool activities: “Place ships on the sea,” “Feed the animals” or “Match the shapes.” These Dynamic Cognitive Game CAPTCHAs — or DCG CAPTCHAs — take an average of 11 seconds to solve, according to the researchers.
“These are challenges that are built using games that might be enjoyable and easy to play for humans, but hard for computers,” research lead Nitesh Saxena told OZY in a statement.
Have you noticed that the text-based CAPTCHAs that you see all over the Internet seem to have gotten harder to pass over time? Saxena says that’s because attackers have gotten smarter, even going to the extreme of paying third-party human solvers.
And even the current versions of new DCG technology are not immune to attackers since, according to Saxena, “A robot can learn about all of the DCG answers, maintain them in a dictionary and use this dictionary to attack a new DCG challenge that has been previously seen according to the knowledge in the dictionary.”
Which pretty much sounds like artificial intelligence and machine learning gone rogue. But since solving games with DCG CAPTCHAs is both harder and more dynamic, the technology can detect attacks by pinpointing behavioral differences between Average Joe and Attacker X.
The Alabama team is “trying to make DCG CAPTCHAs that have better resistance to automated attacks while maintaining a good level of usability,” according to Saxena.
DCG CAPTCHA technology is already being commercialized by Detroit startup Are You a Human, which has created game demos for brands like Ford, McDonald’s and Bacardi to identify which online visitors are human and which are not. One example: Prove you’re a human by filling the McWrap with chicken and lettuce.
So the next time you’re tempted to throw your computer out the window because you can’t get past an annoying text CAPTCHA, take a breath and hold on: The gamification of Internet security has arrived. And it’s about to get a whole lot more fun — as long as you’re human.