by Bill Snyder

Google’s New, Simpler CAPTCHA Coming at Ya

Oct 30, 20132 mins

Those squiggly hieroglyphic puzzles you need to solve to access certain websites or services can be a major nuisance. Thankfully, Google is rolling out a newer CAPTCHA system that should be easier for humans to use - and harder for bots to circumvent.

I’m not as smart as a bot. I know this because stories are floating around the blogosphere today about how CAPTCHAs, those annoying word puzzles you have to solve before you’re allowed to do stuff on many websites, are easy to crack. Maybe so. But I can’t crack them. (CAPTCHA, by the way, stands for Completely Automated Public Turing test to Tell Computers and Humans Apart. It was developed at Carnegie Mellon University and acquired by Google in 2009. “Turing test” refers to the standard set in 1950 by British mathematician Alan Turing in 1950: a machine can be deemed intelligent only if its performance is indistinguishable from a person’s.)

Countless times I’ve been on the verge of buying a baseball ticket or posting a comment, only to be locked out because I can’t read the strange CAPTCHA hieroglyphics. Thankfully, Google, the keeper of the virtual key that is CAPTCHA, has decided to simplify the system so ordinary humans can crack the code and get to the ball game on time. In a post on Google’s security blog, CAPTCHA product manager Vinay Shet says his team has figured out a way to make the puzzles significantly easier for people to solve, while still filtering out bots.

Instead of puzzles made of letters that look like the one below, the new CAPTCHAs will contain a series of numbers that are much easier to read, like the second image below. “Bots, on the other hand, will see CAPTCHAs that are considerably more difficult and designed to stop them from getting through,” writes Shet. The new-style CAPTCHAs are already starting to appear, and you’ll see more in the future as Google continues to roll them out.


Sounds good, right? But there’s one the part I don’t understand. Shet says that when the software determines the entity attempting to engage with the protected page is a machine, CAPTCHA serves up a difficult puzzle. If it determines that the entity knocking on the door is a human, it serves a simpler puzzle. That raises an obvious question: If the software already knows a machine is trying to gain access, why bother with a puzzle? I reached out to Google for some insight, and if I hear back, I’ll update this post.