Internet: CAPTCHA chaos

By J. Carlton Collins, CPA

Q. Is there a way to get around those websites that require you to decipher text images that are barely readable? Half the time I can't tell whether the letter is supposed to be an uppercase or a lowercase letter, an O or a 0 (zero), or an I (an uppercase i), an l (lowercase L), or a 1 (the number one).

techqa-1


A.
The image of text you are a referring to is called a CAPTCHA (an acronym for Completely ­Automated Public Turing test to tell Computers and Humans Apart). Invented in 1997, a ­CAPTCHA is a type of challenge-response test intended to prevent brute force password cracking and hacking tools from discovering a password by repeatedly entering tens of thousands of password guesses until the correct password is found. CAPTCHAs also prevent web bots from doing myriad annoying things such as entering spam data (hyperlinks, spam messages, etc.) into webpage data collection forms. Unfortunately, I have found that CAPTCHAs are necessary, as my website user forms routinely collected massive amounts of spam that virtually buried the legitimate data I sought to collect; adding CAPTCHAs to my websites eliminated this problem.

Because web bots and password-cracking tools supposedly can't defeat a CAPTCHA challenge, their use is thought to be a reasonable preventive measure. Nonetheless, I agree with you; I've wasted more than a few jiffies trying to decipher various CAPTCHAs. This leads me to wonder whether one of the following alternative methods might be a better approach:

  • Audio CAPTCHAs: Listen to an audio file and enter the phrase you hear (but computers can actually listen to audio files quite well).
  • Video CAPTCHAs: Watch and identify a video clip (however, even simple video clips can be interpreted many ways).
  • Math question CAPTCHAs: Answer a simple math question (as if a computer wouldn't be good at math).
  • Picture CAPTCHAS: Guessing one-syllable words for simple images (such as dog, house, barn, horse, boat, bear, shoe, or hat, as pictured below) would probably be easier than guessing severely distorted alphanumeric images. While such images, or a combination of images, might be easier, a large reservoir of unambiguous images would likely be needed to consistently outwit a computer bot.
techqa-2
  • Honeypot CAPTCHAs: Honeypot ­CAPTCHAs include a text box or data field that is invisible to humans but not to computers. Obviously, humans won't bother to fill in these boxes because they can't see them, but when web bots complete these fields, the spam entry can then be rejected immediately.
  • Checkbox CAPTCHAs: Users simply check a box to prove they are human, as pictured below. This type of CAPTCHA works for now, but if the use of checkbox CAPTCHAs grows more popular, computer web bots will likely be reprogrammed to defeat them.
techqa-3


An alternative approach is provided by a company called Akismet (akismet.com), which provides website hosting bundled with technology that eliminates the need for websites to use CAPTCHAs. The company claims its technology identifies all web bots (and their kinfolk) and blocks them from accessing websites hosted on Akismet servers. The company also claims it prevents 7.5 million pieces of spam per hour. While this technology is indeed interesting, it doesn't help the average web surfer unless the website he or she visits uses Akismet.

While I like the checkbox CAPTCHA approach the best, and honeypot CAPTCHAs may be the most promising solution, cryptic alphanumeric CAPTCHAs appear to be a necessary measure we must continue to endure—for now.


About the author

J. Carlton Collins (carlton@asaresearch.com) is a technology consultant, a CPE instructor, and a JofA contributing editor.

Note: Instructions for Microsoft Office in “Technology Q&A” refer to the 2007 through 2016 versions, unless otherwise specified.

Submit a question

Do you have technology questions for this column? Or, after reading an answer, do you have a better solution? Send them to jofatech@aicpa.org. We regret being unable to individually answer all submitted questions.

SPONSORED REPORT

How to make the most of a negotiation

Negotiators are made, not born. In this sponsored report, we cover strategies and tactics to help you head into 2017 ready to take on business deals, salary discussions and more.

VIDEO

Will the Affordable Care Act be repealed?

The results of the 2016 presidential election are likely to have a big impact on federal tax policy in the coming years. Eddie Adkins, CPA, a partner in the Washington National Tax Office at Grant Thornton, discusses what parts of the ACA might survive the repeal of most of the law.

QUIZ

News quiz: Scam email plagues tax professionals—again

Even as the IRS reported on success in reducing tax return identity theft in the 2016 season, the Service also warned tax professionals about yet another email phishing scam. See how much you know about recent news with this short quiz.