Google No CAPTCHA Simple for Humans, Tough on Bots

Google has reworked its reCAPTCHA authentication system with a new API that relies on reputation checking, and presents safe users with a simplified CAPTCHA.

Google is getting right to the point with the latest update to its reCAPTCHA authentication system.

Rather than have users signing in to an online service try to decipher blurred text, Google has simplified the process by simply asking users whether they’re a bot. One click later, they’re authenticated.

CAPTCHA systems are meant to be a barrier for spam bots and other automated crawlers. Humans must type in a word or phrase presented to them in a log-in dialogue box before being authenticated to the service. Google’s new API simplifies the reCAPTCHA experience, product manager Vinay Shet said.

“On websites using this new API, a significant number of users will be able to securely and easily verify they’re human without actually having to solve a CAPTCHA,” Shet said. “Instead, with just a single click, they’ll confirm they are not a robot.”

The change, Google said, is prompted by recent research that indicates bots are coming close to 100 percent accuracy in solving traditional CAPTCHA challenges. Earlier this year, Google modified reCAPTCHA based on a risk analysis of the user. Users considered safe by Google’s risk algorithms would see a less stringent CAPTCHA image, while bots designed to solve challenging images would get the opposite. Google made similar changes to audio CAPTCHAs based on the risk reputation of the user.

“The new API is the next step in this steady evolution,” Shet said of today’s announcement. “Now, humans can just check the box and in most cases, they’re through the challenge.”

In some cases, Shet said, CAPTCHAs won’t disappear entirely. If the risk analysis cannot determine whether the user is legitimate or a bot, they made still be presented with a CAPTCHA image to solve.

While this works fine on a desktop, a mobile user may still have a difficult time discerning a distorted CAPTCHA. In those cases, they may be presented with a challenge image and a grid of nine images and be asked to select all those that match.

Google said some early adopters of the noCAPTCHA API include Snapchat, WordPress and Humble Bundle.

“For example, in the last week, more than 60% of WordPress’ traffic and more than 80% of Humble Bundle’s traffic on reCAPTCHA encountered the No CAPTCHA experience—users got to these sites faster,” Shet said. “Humans, we’ll continue our work to keep the Internet safe and easy to use. Abusive bots and scripts, it’ll only get worse—sorry we’re (still) not sorry.”

 

Suggested articles

Discussion

  • Julia on

    hmm nothing new as usual. such boxes have been there for a long time before this "fantastic" news, so Google didn't really do anything incredible. but at least, threatpost can now change that awful captcha here. anyway, there are much better solutions like keypic, without standard captchas, boxes to check, puzzles, quizzes, whatsoever. but if you prefer another captcha from Google, now in the format of a box - go ahead, and good luck. You'll see robots will crack it as a nut.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.