Complicated CAPTCHAs can keep you from logging in to websites protected by those annoying squiggly letters. Thankfully, researchers have found a new way to let you in while keeping the spam bots out. How annoying are CAPTCHAs? You know, those squiggly letters in a box that are designed to prove you are a human — or not? Very annoying, though Google, which controls CAPTCHAs, has made them easier to work with. Now researchers have devised a much cooler way to achieve the same goal, using game-like puzzles that are easy for people to solve, but difficult for a spam bots to figure out. Nitesh Saxena, a professor of computer science at the University of Alabama at Birmingham, led a team that investigated the security and usability of this next generation of CAPTCHAs based on simple computer games. Instead of using hard-to-read letters or numbers, the researchers used various puzzles composed of moving images. For example, in a “ship parking” challenge, the user has to identify the boat in a set of moving objects and drag-and-drop it to the available “dock” location. Or the user might simply be asked to match shapes. (See below.) University of Alabama at Birmingham That’s pretty simple for a human, but it might be difficult for a bot, according to the researchers. Also, its game-like nature may make the process more engaging for the user than conventional text-based CAPTCHAs, they said in post on the university’s website. Not only are CAPTCHAs annoying, they’re vulnerable to attacks. “In traditional CAPTCHA systems, computers may have a hard time figuring out what the distorted characters are — but trained humans can do it in seconds,” Saxena said. “The trouble is that criminals have figured out that they can pay people — a penny or less per time — to sit in front of a screen and ‘solve’ CAPTCHAs to let them do what they want. This is known as a CAPTCHA relay attack.” A few years ago, Stanford University researchers created a program called Decaptcha. It was so powerful that it was able to bypass 66 percent of CAPTCHAs on Visa’s Authorize.net payment site; 70 percent at Blizzard Entertainment; a quarter of the ones used by Wikipedia; and many more CAPTCHAs on a handful of other sites including CNN, eBay, Digg and Captcha.net. It’s not clear when or even if Saxena’s method will find its way to the public Web. Let’s hope it’s sooner than later. Related content brandpost Sponsored by SAP Generative AI’s ‘show me the money’ moment We’re past the hype and slick gen AI sales pitches. Business leaders want results. By Julia White Nov 30, 2023 5 mins Artificial Intelligence brandpost Sponsored by Zscaler How customers capture real economic value with zero trust Unleashing economic value: Zscaler's Zero Trust Exchange transforms security architecture while cutting costs. By Zscaler Nov 30, 2023 4 mins Security brandpost Sponsored by SAP A cloud-based solution to rescue millions from energy poverty Aware of the correlation between energy and financial poverty, Savannah Energy is helping to generate clean, competitively priced electricity across Africa by integrating its old systems into one cloud-based platform. By Keith E. Greenberg, SAP Contributor Nov 30, 2023 5 mins Digital Transformation feature 8 change management questions every IT leader must answer Designed to speed adoption and achieve business outcomes, change management hasn’t historically been a strength of IT orgs. It’s time to flip that script by asking hard questions to hone change strategies. By Stephanie Overby Nov 30, 2023 10 mins Change Management Change Management IT Operations Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe