Internet: CAPTCHA chaos

By J. Carlton Collins, CPA

Q. Is there a way to get around those websites that require you to decipher text images that are barely readable? Half the time I can't tell whether the letter is supposed to be an uppercase or a lowercase letter, an O or a 0 (zero), or an I (an uppercase i), an l (lowercase L), or a 1 (the number one).


The image of text you are a referring to is called a CAPTCHA (an acronym for Completely ­Automated Public Turing test to tell Computers and Humans Apart). Invented in 1997, a ­CAPTCHA is a type of challenge-response test intended to prevent brute force password cracking and hacking tools from discovering a password by repeatedly entering tens of thousands of password guesses until the correct password is found. CAPTCHAs also prevent web bots from doing myriad annoying things such as entering spam data (hyperlinks, spam messages, etc.) into webpage data collection forms. Unfortunately, I have found that CAPTCHAs are necessary, as my website user forms routinely collected massive amounts of spam that virtually buried the legitimate data I sought to collect; adding CAPTCHAs to my websites eliminated this problem.

Because web bots and password-cracking tools supposedly can't defeat a CAPTCHA challenge, their use is thought to be a reasonable preventive measure. Nonetheless, I agree with you; I've wasted more than a few jiffies trying to decipher various CAPTCHAs. This leads me to wonder whether one of the following alternative methods might be a better approach:

  • Audio CAPTCHAs: Listen to an audio file and enter the phrase you hear (but computers can actually listen to audio files quite well).
  • Video CAPTCHAs: Watch and identify a video clip (however, even simple video clips can be interpreted many ways).
  • Math question CAPTCHAs: Answer a simple math question (as if a computer wouldn't be good at math).
  • Picture CAPTCHAS: Guessing one-syllable words for simple images (such as dog, house, barn, horse, boat, bear, shoe, or hat, as pictured below) would probably be easier than guessing severely distorted alphanumeric images. While such images, or a combination of images, might be easier, a large reservoir of unambiguous images would likely be needed to consistently outwit a computer bot.
  • Honeypot CAPTCHAs: Honeypot ­CAPTCHAs include a text box or data field that is invisible to humans but not to computers. Obviously, humans won't bother to fill in these boxes because they can't see them, but when web bots complete these fields, the spam entry can then be rejected immediately.
  • Checkbox CAPTCHAs: Users simply check a box to prove they are human, as pictured below. This type of CAPTCHA works for now, but if the use of checkbox CAPTCHAs grows more popular, computer web bots will likely be reprogrammed to defeat them.

An alternative approach is provided by a company called Akismet (, which provides website hosting bundled with technology that eliminates the need for websites to use CAPTCHAs. The company claims its technology identifies all web bots (and their kinfolk) and blocks them from accessing websites hosted on Akismet servers. The company also claims it prevents 7.5 million pieces of spam per hour. While this technology is indeed interesting, it doesn't help the average web surfer unless the website he or she visits uses Akismet.

While I like the checkbox CAPTCHA approach the best, and honeypot CAPTCHAs may be the most promising solution, cryptic alphanumeric CAPTCHAs appear to be a necessary measure we must continue to endure—for now.

About the author

J. Carlton Collins ( is a technology consultant, a CPE instructor, and a JofA contributing editor.

Note: Instructions for Microsoft Office in “Technology Q&A” refer to the 2007 through 2016 versions, unless otherwise specified.

Submit a question

Do you have technology questions for this column? Or, after reading an answer, do you have a better solution? Send them to We regret being unable to individually answer all submitted questions.

Where to find May’s flipbook issue

The Journal of Accountancy is now completely digital. 





Implementing lease accounting

FASB’s Codification (ASC) 842, Leases, requires companies to make significant changes in the way they report operating leases. But one of the initial challenges might be simpler than you think … find out more with this report.