WWW FAQs: What is a CAPTCHA?

2007-05-08: CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. CAPTCHA systems are used to prevent the automated misuse of popular websites. The goal is to ensure that the website is talking to a real human being, and not to an automated program.

Why Do We Need CAPTCHAs?

Websites like Hotmail (or GMail, or Yahoo) are useful. Lots of people like them. But there's a problem: spammers like them too! Hotmail accounts are convenient for sending unwanted junk mail.

So, spammers create bogus Hotmail accounts to spam us with. And they create as many as possible, as quickly as they can. That's a pain in the butt for everybody, including Microsoft (the owners of Hotmail).

How CAPTCHAs Usually Work

The traditional solution is to display a picture which contains letters and numbers turned at funny angles, distorted, and so forth. Everyone has seen this on Yahoo, GMail or Hotmail while applying for an account. The idea is that people can read them, but computers... hopefully... cannot.

Websites like Hotmail require people to type in these letters and numbers before they are allowed to apply for a new account.
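
The server-side half of that exchange, as an added example (not code from this FAQ or from the separate article it points to): the site keeps the expected text to itself, puts only a random challenge id in the form, and accepts each challenge once and only for a short time. The names CaptchaStore, ALPHABET and TTL_SECONDS are hypothetical, the five-minute lifetime is an assumption, and drawing the distorted image is left out.

```python
import hmac
import secrets
import time

# Characters that stay distinguishable once distorted (no 0/O, 1/I/L).
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"
TTL_SECONDS = 300  # assumed lifetime of a challenge


class CaptchaStore:
    """In-memory store; a real site would use its session or cache backend."""

    def __init__(self, clock=time.time):
        self._pending = {}  # challenge id -> (expected text, expiry time)
        self._clock = clock

    def issue(self, length=6):
        """Create a challenge. Only the id goes into the form; the text is
        drawn into the distorted image and never sent as plain text."""
        text = "".join(secrets.choice(ALPHABET) for _ in range(length))
        challenge_id = secrets.token_urlsafe(16)
        self._pending[challenge_id] = (text, self._clock() + TTL_SECONDS)
        return challenge_id, text

    def verify(self, challenge_id, answer):
        """Check the typed answer. The challenge is consumed on the first
        attempt, right or wrong, so one image cannot be guessed at
        repeatedly or reused after it has been solved once."""
        entry = self._pending.pop(challenge_id, None)
        if entry is None:
            return False  # unknown id, or already used
        expected, expires_at = entry
        if self._clock() > expires_at:
            return False  # took too long to answer
        typed = answer.strip().upper()
        return hmac.compare_digest(typed.encode(), expected.encode())


if __name__ == "__main__":
    store = CaptchaStore()
    cid, text = store.issue()
    print("correct answer accepted:", store.verify(cid, text.lower()))
    print("same challenge reused:  ", store.verify(cid, text))
```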

Captchas Are Not Perfect... Not Even Close

Sounds like a good idea - so what's the catch? Well, there are several problems:

1. Computers can break 'em anyway... although amateur programmers won't have an easy time doing so. Greg Mori and Jitendra Malik's "Breaking a Visual CAPTCHA" discusses advanced techniques that can be used to crack even fairly sophisticated captcha systems.

2. Some humans can't break 'em! Obviously, blind users can't solve a visual captcha. Better captcha systems also offer an audio-based option. Even then, deafblind users (those who are both deaf and blind) are locked out. Sites employing captchas should at least consider offering special accounts to those with special needs in this area. One solution is to offer a telephone number - and make sure you accept TDD relay calls! These are voice calls placed through an interpreter. Your telephone support staff should be educated about this and encouraged to create accounts or carry out other captcha-protected tasks on behalf of legitimate users who contact you via phone.

3. Captchas can take up extensive CPU resources (that is, generating all of those images can slow down your web server).

4. Bad guys will, in some cases, hire humans to do the data entry instead, or at least to do the captcha-solving part. If your troublemakers are determined to get past the captcha, they can.

How To Add A Captcha To Your Site

Now that you know what a CAPTCHA is, you might want to add one to your own site. To learn how to do that, just check out my separate article, "How do I add a CAPTCHA to my web form?" There I provide a complete CAPTCHA solution and discuss how it works.

Legal Note: yes, you may use sample HTML, Javascript, PHP and other code presented above in your own projects. You may not reproduce large portions of the text of the article without our express permission.
