Internet: CAPTCHA chaos

By J. Carlton Collins, CPA

Q. Is there a way to get around those websites that require you to decipher text images that are barely readable? Half the time I can't tell whether the letter is supposed to be an uppercase or a lowercase letter, an O or a 0 (zero), or an I (an uppercase i), an l (lowercase L), or a 1 (the number one).


The image of text you are a referring to is called a CAPTCHA (an acronym for Completely ­Automated Public Turing test to tell Computers and Humans Apart). Invented in 1997, a ­CAPTCHA is a type of challenge-response test intended to prevent brute force password cracking and hacking tools from discovering a password by repeatedly entering tens of thousands of password guesses until the correct password is found. CAPTCHAs also prevent web bots from doing myriad annoying things such as entering spam data (hyperlinks, spam messages, etc.) into webpage data collection forms. Unfortunately, I have found that CAPTCHAs are necessary, as my website user forms routinely collected massive amounts of spam that virtually buried the legitimate data I sought to collect; adding CAPTCHAs to my websites eliminated this problem.

Because web bots and password-cracking tools supposedly can't defeat a CAPTCHA challenge, their use is thought to be a reasonable preventive measure. Nonetheless, I agree with you; I've wasted more than a few jiffies trying to decipher various CAPTCHAs. This leads me to wonder whether one of the following alternative methods might be a better approach:

  • Audio CAPTCHAs: Listen to an audio file and enter the phrase you hear (but computers can actually listen to audio files quite well).
  • Video CAPTCHAs: Watch and identify a video clip (however, even simple video clips can be interpreted many ways).
  • Math question CAPTCHAs: Answer a simple math question (as if a computer wouldn't be good at math).
  • Picture CAPTCHAS: Guessing one-syllable words for simple images (such as dog, house, barn, horse, boat, bear, shoe, or hat, as pictured below) would probably be easier than guessing severely distorted alphanumeric images. While such images, or a combination of images, might be easier, a large reservoir of unambiguous images would likely be needed to consistently outwit a computer bot.
  • Honeypot CAPTCHAs: Honeypot ­CAPTCHAs include a text box or data field that is invisible to humans but not to computers. Obviously, humans won't bother to fill in these boxes because they can't see them, but when web bots complete these fields, the spam entry can then be rejected immediately.
  • Checkbox CAPTCHAs: Users simply check a box to prove they are human, as pictured below. This type of CAPTCHA works for now, but if the use of checkbox CAPTCHAs grows more popular, computer web bots will likely be reprogrammed to defeat them.

An alternative approach is provided by a company called Akismet (, which provides website hosting bundled with technology that eliminates the need for websites to use CAPTCHAs. The company claims its technology identifies all web bots (and their kinfolk) and blocks them from accessing websites hosted on Akismet servers. The company also claims it prevents 7.5 million pieces of spam per hour. While this technology is indeed interesting, it doesn't help the average web surfer unless the website he or she visits uses Akismet.

While I like the checkbox CAPTCHA approach the best, and honeypot CAPTCHAs may be the most promising solution, cryptic alphanumeric CAPTCHAs appear to be a necessary measure we must continue to endure—for now.

About the author

J. Carlton Collins ( is a technology consultant, a CPE instructor, and a JofA contributing editor.

Note: Instructions for Microsoft Office in “Technology Q&A” refer to the 2007 through 2016 versions, unless otherwise specified.

Submit a question

Do you have technology questions for this column? Or, after reading an answer, do you have a better solution? Send them to We regret being unable to individually answer all submitted questions.


Tax reform complicates year-end tax planning

Get your clients ready for tax season with these year-end tax planning strategies, which address how to make the most of recent tax law changes, such as the new deduction for qualified business income and the cap on the deductibility of state and local taxes.


What RPA is and how it works

Robotic process automation is like an Excel macro that can work on multiple applications, says Danielle Supkis Cheek, CPA. RPA can complete routine, repetitive tasks such as data entry, freeing up employee time from lower-level chores.