What is CAPTCHA?

The Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) is designed to protect webpages against bots. In theory, bots can’t answer the question posed by a CAPTCHA, making it possible for a website to block automated site visits without blocking legitimate users.

How Does CAPTCHA Work?

CAPTCHAs work by asking a visitor to a website to solve a problem that is easy for a human but difficult for a computer. In general, these tend to be computer vision problems. For example, a CAPTCHA may ask the user to enter the characters displayed in a blurred image or identify all of the images in a grid that contain a traffic light. Some newer CAPTCHAs ask the user to click in a box stating that they are not a robot and use various metrics to differentiate between human and automated visitors.

What are CAPTCHAs Used For?

A CAPTCHA is designed to differentiate between a legitimate, human visitor to a website and automated traffic. CAPTCHAs are used for various purposes, including the following:

  • Account Registration: Scammers may use automated bots to register fake accounts with online services. CAPTCHAs on account creation pages make this more difficult.
  • Online Polling: An organization may run an online poll to collect user feedback for various purposes. CAPTCHAs on the polling page help to prevent bots from voting and skewing the results.
  • Spam Comments: Automated bots may leave fake comments on a webpage or reviews for a product. A CAPTCHA helps to ensure that all comments and reviews were left by a human user.
  • Ticket Scalping: For large events where tickets sell out quickly, scalpers may use automated bots to quickly buy up tickets for resale. CAPTCHAs help to ensure that all tickets are purchased by humans.

Types of CAPTCHAs

CAPTCHAs can come in a variety of different forms. Some common examples include the following:

  • Blurred Text
  • Image Recognition
  • Audio CAPTCHAs
  • Math and Word Problems
  • Social Media Sign-In
  • reCAPTCHA (“I am not a robot” checkbox)
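
The challenge-and-response flow described under "How Does CAPTCHA Work?", sketched for the math problem type listed above. This is an added example, not code from Check Point or any CAPTCHA product; the names PENDING, TTL_SECONDS, issue_challenge and verify_response are hypothetical, and the in-memory store stands in for whatever shared session store a real site would use.

```python
import hmac
import secrets
import time

TTL_SECONDS = 120   # assumed validity window for one challenge
PENDING = {}        # challenge_id -> (expected_answer, expires_at); demo-only store


def issue_challenge(now=None):
    """Create a math challenge; return (challenge_id, question) for the page."""
    now = time.time() if now is None else now
    a, b = secrets.randbelow(9) + 1, secrets.randbelow(9) + 1
    # The id is unguessable and the answer never leaves the server.
    challenge_id = secrets.token_urlsafe(16)
    PENDING[challenge_id] = (str(a + b), now + TTL_SECONDS)
    return challenge_id, f"What is {a} + {b}?"


def verify_response(challenge_id, submitted, now=None):
    """True only for a correct answer to a known, unexpired, unused challenge."""
    now = time.time() if now is None else now
    # pop() retires the challenge on the first attempt, right or wrong, so one
    # id cannot be replayed or used to walk through the small answer space.
    entry = PENDING.pop(challenge_id, None)
    if entry is None:
        return False
    expected, expires_at = entry
    if now > expires_at:
        return False
    return hmac.compare_digest(expected.encode(), str(submitted).strip().encode())


if __name__ == "__main__":
    cid, question = issue_challenge()
    print(question)
    print("accepted:", verify_response(cid, input("> ")))
```

The protected action (registration, vote, comment, purchase) should run only after verify_response returns True on the server; a check performed only in the browser can simply be skipped by an automated client.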

How CAPTCHA Prevents Scammers

Scammers and other cybercriminals commonly use automated bots in their attacks. Bots can register large numbers of fake accounts, automatically interact with a website, and perform credential stuffing attacks. Without automation, these attacks are nowhere near as scalable.

CAPTCHAs help to protect against scammers by limiting the tactics that they can automate. While a scammer can still perform many of the same malicious actions, doing so requires a human to solve the on-page CAPTCHAs. This slows down the process, making these attacks more expensive, less profitable, and less scalable for scammers than they would be otherwise.

Disadvantages of CAPTCHAs

CAPTCHAs have their advantages. They have the potential to differentiate between human and bot visitors to a website, reducing the load on a company’s systems and protecting against various types of automated attacks. However, CAPTCHAs are not a perfect solution to the problem of malicious bots.

Some of the limitations of CAPTCHAs include the following:

  • Poor User Experience: CAPTCHAs require a user to complete a task before visiting a webpage. Since these tasks can be difficult and frustrating, CAPTCHAs can sour the user experience and cause site abandonment.
  • Difficult for Some Users: Users who struggle with reading text may find some types of CAPTCHAs difficult to complete. For this reason, CAPTCHAs commonly include alternative options, such as an MP3 speaking characters for the user to input, and are moving to more inclusive variants, such as clicking the “I am not a robot” box.
  • Technological Support: CAPTCHAs may not be supported by some browsers, screen readers, and assistive devices. This prevents some users from visiting a website protected by a CAPTCHA.
  • Ineffectiveness: CAPTCHAs are designed to differentiate between humans and bots. However, some CAPTCHAs can be completed by bots, defeating their purpose.

Bot Management with Check Point

CAPTCHAs can be an effective solution to one aspect of the bot threat. By making it more difficult for scammers to automate their attacks, CAPTCHAs reduce the scalability, effectiveness, and profitability of these schemes.

However, managing the bot threat also requires addressing some of the other security risks that bots pose. Computers infected with botnet malware can be conscripted into performing these automated attacks. In addition to automated browsing of websites, these bots can also be used for distributed denial-of-service (DDoS) attacks against corporate websites and online services.

Check Point provides solutions designed to address these other bot threats. Check Point Harmony Suite integrates anti-bot defenses designed to identify the network traffic used by cybercriminals to control their bots. By identifying and blocking this traffic, Harmony Endpoint can prevent bots from carrying out these commands, alert on the presence of malware infections, and begin the remediation process. To learn more about how Harmony Endpoint can help to protect against botnet malware and other threats, sign up for a free demo today.
