
CAPTCHAs Are Becoming Security Theater

Maen Zayyad/Shutterstock.com

CAPTCHAs are a time-worn way for humans to tell computers that we are human. They are those little boxes filled with distorted text that we've been told humans can decipher, but computers—the bad guys' computers—cannot. So, Watson-be-damned, we enter the letters and gain access to whatever is behind the veil, leaving the bad bots steaming outside the pearly, CAPTCHA'd gates. As Google's ReCAPTCHA website puts it: "Tough on bots, easy on humans."

It is a satisfying display of human superiority built into the daily experience of the web. And, BONUS, you're often helping do optical character recognition on old books at the same time. Take that, Machines, you don't even have any books.

But then along comes Google today noting, in a showily short and breezy blog post, that their machines can beat ReCAPTCHAs 99% of the time.

"Turns out that this new algorithm can also be used to read CAPTCHA puzzles—we found that it can decipher the hardest distorted text puzzles from reCAPTCHA with over 99 percent accuracy," writes Google product manager Vinay Shet. "This shows that the act of typing in the answer to a distorted image should not be the only factor when it comes to determining a human versus a machine."

But that's not even the most galling thing. That's reserved for the next paragraph.

"Last year, we announced that we’ve significantly reduced our dependence on text distortions as the main differentiator between human and machine," Shet continues, "and instead perform advanced risk analysis."

So, we've been proudly typing away the whole time, proving we were human, and Google knew that all along.

In an earlier post, Shet described their process in general terms: Google has begun "actively considering the user’s entire engagement with the CAPTCHA—before, during and after they interact with it. That means that today the distorted letters serve less as a test of humanity and more as a medium of engagement to elicit a broad range of cues that characterize humans and bots." 

Now, we go on typing into the box, but our evolved visual systems—some of the most sophisticated in the animal kingdom—are no longer all that necessary.

What we once did to assure Google that we were still human has become security theater. The only audience that we need to perform our humanity for is ourselves.
