
CAPTCHAs Are Becoming Security Theater


CAPTCHAs are a time-worn way for humans to tell computers that we are human. They are those little boxes filled with distorted text that we've been told humans can decipher, but computers—the bad guys' computers—cannot. So, Watson-be-damned, we enter the letters and gain access to whatever is behind the veil, leaving the bad bots steaming outside the pearly, CAPTCHA'd gates. As Google's ReCAPTCHA website puts it: "Tough on bots, easy on humans."

It is a satisfying display of human superiority built into the daily experience of the web. And, BONUS, you're often helping do optical character recognition on old books at the same time. Take that, Machines, you don't even have any books.

But then along comes Google today noting, in a showily short and breezy blog post, that their machines can beat ReCAPTCHAs 99% of the time.

"Turns out that this new algorithm can also be used to read CAPTCHA puzzles—we found that it can decipher the hardest distorted text puzzles from reCAPTCHA with over 99 percent accuracy," writes Google product manager Vinay Shet. "This shows that the act of typing in the answer to a distorted image should not be the only factor when it comes to determining a human versus a machine."

But that's not even the most galling thing. That's reserved for the next paragraph.

"Last year, we announced that we’ve significantly reduced our dependence on text distortions as the main differentiator between human and machine," Shet continues, "and instead perform advanced risk analysis."

So, we've been proudly typing away the whole time, proving we were human, and Google knew that all along.

In an earlier post, Shet described their process in general terms: Google has begun "actively considering the user’s entire engagement with the CAPTCHA—before, during and after they interact with it. That means that today the distorted letters serve less as a test of humanity and more as a medium of engagement to elicit a broad range of cues that characterize humans and bots." 

Now, we go on typing into the box, but our evolved visual systems—some of the most sophisticated in the animal kingdom—are no longer all that necessary.

What we once did to assure Google that we were still human has become security theater. The only audience that we need to perform our humanity for is ourselves.

(Image via Maen Zayyad/Shutterstock.com)
