Bored Panda reached out to David Grout, Chief Technical Officer at FireEye, to find out more about CAPTCHA and just how it's gotten so difficult in the past few years. David explained that CAPTCHA is "a method for determining whether a website user is real or a spam robot."
This tool is designed to "ensure that website traffic is coming from human interaction either through number, letter, or image recognition to avoid robots connecting to the website or another type of online resource." David said that CAPTCHA tests were inspired by Turing Test techniques created by Alan Turing, and that their title means “Completely Automated Public Turing Test.”
In the early 2000s, CAPTCHA technology was developed with the intention of stopping automated spam activity. Meanwhile, in 2017, Google created its first version of reCAPTCHA that required the user to identify word/character problems. The idea was that these words would be intuitive and easy for humans to identify, but because of their visual alterations, computer systems would struggle.
#6

However, according to David, hackers are always trying to find ways to trick security barriers such as this. “Several techniques exist and CAPTCHA is becoming more complex to prevent it being bypassed.”
And if you’re still wondering whether it’s only you who can’t get those blurry traffic lights right, David assures us that CAPTCHA has indeed become more complex and difficult to use as part of the efforts to avoid it being bypassed. “Like with other areas of IT, the constant evolution of a tool like this can impact the user experience,” he concluded.
#9

But it soon turned out separating the bot from the human is a challenge on its own. But Shuman Ghosemajumder, who worked at Google combating click fraud before becoming the chief technology officer of the bot-detection company Shape Security, told The Verge that “game CAPTCHAs, video CAPTCHAs, whatever sort of CAPTCHA test you devise will eventually be broken.”
Instead, he suggests something called “continuous authentication.” It would primarily look at the behavior of a human user and would detect signs of automation. “A real human being doesn’t have very good control over their own motor functions, and so they can’t move the mouse the same way more than once over multiple interactions, even if they try really hard,” he said.
Meanwhile, Shuman stated that a bot interacts with a page without the need to move a mouse, therefore this precise action of moving the mouse is something that could be identified as a primarily human trait and would be hard to spoof.
















