CAPTCHA

A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a security mechanism used on websites to distinguish between human users and automated bots. CAPTCHAs are widely used to prevent spam, abuse, and automated attacks by requiring users to perform tasks that are easy for humans but difficult for machines.

How CAPTCHA Works

• Distortion: Text is warped or displayed with background noise to make automated recognition harder.
• Image recognition: Users select specific objects (e.g., "click all images with traffic lights").
• Checkboxes: The common "I’m not a robot" reCAPTCHA uses behavioral analysis in addition to the checkbox.
• Audio CAPTCHA: An alternative for visually impaired users, requiring recognition of spoken numbers or words.

Example of CAPTCHA in HTML

<form action="/login" method="POST">
  <input type="text" name="username">
  <input type="password" name="password">
  <!-- Google reCAPTCHA widget -->
  <div class="g-recaptcha" data-sitekey="your-site-key"></div>
  <button type="submit">Login</button>
</form>

Types of CAPTCHA

• Text-based CAPTCHA: Users type distorted characters.
• Image-based CAPTCHA: Users identify objects in images.
• reCAPTCHA v2: Google’s "I’m not a robot" checkbox.
• reCAPTCHA v3: Score-based, invisible to users, analyzing behavior.

Benefits of CAPTCHA

• Prevents automated spam in forms and comments.
• Protects against brute-force login attempts.
• Reduces automated account creation.
• Adds a security layer for sensitive actions.

Limitations of CAPTCHA

• Can reduce usability for legitimate users.
• Not always accessible (especially for disabled users).
• Advanced bots and AI can sometimes bypass CAPTCHAs.

Summary

CAPTCHA is an important tool in web security, preventing automated abuse by differentiating humans from bots. While effective, it should be combined with other security measures for best protection.