This past summer, I wanted to vote for my favorite baseball player to be a pick for the All-Star Game.
I went to the Major League Baseball website, picked my player and hit the button to submit my choice.
Then I was confronted with a "CAPTCHA" — one of those hard-to-read, squiggly collection of letters and numbers that ensure you're a real person and not a "bot" trying to game the system.
I had to type in the CAPTCHA characters before my ballot could be counted. But the characters were so hard to read, I kept getting them wrong, even after asking for new sets.
I finally gave up altogether — and no, my player wasn’t named as an All-Star Game starter.
CAPTCHAs catch on
If you’ve ever tried to vote for something online, purchase tickets or even comment on some blogs, you’ve likely encountered a CAPTCHA.
The CAPTCHA system was invented around 2000 by a team of researchers at Carnegie Mellon University in Pittsburgh. The team came up with the CAPTCHA acronym, which stands for "Completely Automated Public Turing Test to Tell Computers and Humans Apart." (It's not a perfect acronym.)
According to the Carnegie Mellon website, the first CAPTCHAs were developed for Yahoo to prevent automated programs from rapidly setting up free email accounts, which would in turn be used to pump out spam.
"CAPTCHA is simply a mousetrap to prevent computer-based, brute-force attacks by inserting a challenge that only humans can be able to answer," explained Frank Villavicencio, executive vice president of Identropy, a provider of cloud-based identity-management services in Moonachie, N.J.
"This is useful for sites where you want to prevent somebody to take an unfair advantage of limited goods or services that are contended, such as concert tickets (preventing scalping); online voting contests, where you truly care that only a human can vote, and so forth," Villavicencio said.
A CAPTCHA can go a long way to prevent cheats from gaming a system, but do those squiggly lines really have to be so difficult to decipher?
Yes, they do, said Jonathan Lyons, owner of Web-hosting company LyonsHost in Tallahassee, Fla.
"To tell you the truth, they are getting harder to read, even for me, but the 'bots' that leave spam on your site are getting better at recognizing the CAPTCHAs as well," Lyons said.
"When we first started using them, a functional CAPTCHA just used a couple of funny fonts and some lines through the text to make it hard for machines to read. Then the bots got smarter, and [now] we are all struggling with reading the CAPTCHAs."
Are you smarter than a machine?
Villavicencio explained that a CAPTCHA is actually just an image that looks like jumbled text to the naked eye.
Bots can read text, but not images, so to get around a CAPTCHA, spammers often turn to optical character recognition (OCR) software, which turns scanned documents into editable text.
"In other words, they are now able to identify some text inside of images," Villavicencio said. "That is why you now see such jumbled letters in the CAPTCHA boxes.
"You may also see multiple colors, or even lines through the text, in many CAPTCHA programs as attempts to thwart these spammers' new developments."
While CAPTCHAs seems like they primarily benefit Web hosts or businesses, everyone can appreciate the fact that there's less spam now than there was 10 years ago.
Web administrators and IT departments can spend time working on real site problems and customer concerns, rather than dealing with thousands of pieces of spam.
While a CAPTCHA doesn’t prevent malware infection or network intrusions by professional crooks who can hire human decoders, it can defeat casual hackers.
CAPTCHAs aren't foolproof. Sites that rely on them have been overwhelmed with bots, but for most businesses, it has helped to considerably cut down on spam.
For those of us who get frustrated trying to decode a CAPTCHA image, there are other options available.
At HealBee.com, a British website dedicated to helping people coming out of long-term relationships, managing director Chad Schofield turned to an alternative to the standard CAPTCHA.
"It really comes down to usability," Schofield said. "Normally, with usability, you go with standard conventions; [for example,] video play controls are almost universally the same because they are intuitive for the user.
"The problem is that conventional CAPTCHA methods can be frustrating to even the most Web-savvy audience," Schofield said. "If your target market is people who are not as fast on a mouse or keyboard, asking them to write out near-illegible text can drive them away from your site.”
If the site you use does use the standard CAPTCHA model, there is help if the images are too difficult to read.
"Use the audio CAPTCHA option if you can hear it," Lyons said. "It's made for the visually impaired, but everyone needs a hand now and then."
- 8 Tips to Protect Your Home During the Holidays
- Retailers Worry About PayPal Security — Should You?
- 6 Best Online Password Managers
© 2012 TechNewsDaily