You'll have undoubtedly encountered and completed a CAPTCHA test at least once. They’re standard for verifications such as account registration, password change, or making an online purchase.

CAPTCHAs are a simple test to prove you are a human and not a bot. There are a variety of reactions to CAPTCHAS: those who don’t have a problem completing them, those who find them frustrating or challenging, and those who are tired of having to complete one.

With many websites using them, so it begs the question, are they that important?

What Exactly Are CAPTCHAs?

A contrived acronym that stands for Completely Automated Public Turning test designed to tell Computers and Humans Apart. It is a challenge-based test to distinguish humans and bots and protect websites from spam and bots.

Some would prefer to complete a CAPTCHA test than two-factor authentication. The latter requires your mobile phone to receive a passcode or to provide a fingerprint or Face ID whenever you log into a new device. Nonetheless, they are both quick to complete.

Should you find a particular test difficult or appear to have failed it, there are options to reload, listen to it, or skip it for a new one. When you are required to complete a test, it could be one of four categories:

1. Image-Based

An example of an image-based CAPTCHA where the user has to select all the images they ask for

One of the most common tests you will encounter. Nine boxes with images will appear, and you must select the ones they ask for, like images with house numbers or crosswalks.

Sometimes, you might have to choose the opposite image, such as an image without a bicycle or a street sign. Also, there might be times when you have to keep clicking on specific images until they fade out, and there are none left to complete the test.

2. Text-Based

An example of an text-based CAPTCHA where the user has to type the letters or numbers into the text box

Another common and the most standard test you will encounter. Here you are asked to type out a series of letters or numbers in a text box that appears stretched, distorted, multicolored, or overlapped.

Some text-based CAPTCHAs may require you to type out letters exactly as they are, such as uppercase and lowercase. Though this test can be frustrating or difficult for some people.

3. Audio-Based

An example of an audio-based CAPTCHA where the user has to listen to hear the letters or numbers in the audio recording and type what they hear

This test is uncommon for many, as it only applies to visually impaired people. Here you will have to listen to letters and numbers in an audio recording with background noise. You then have to memorize what you heard, which can be difficult for some.

4. Math-Based

An example of a maths-based CAPTCHA where the user input a numerical answer to a maths equation

Another uncommon test you might encounter. This test will require you to complete a relatively easy addition or subtraction question by inputting a numerical answer in the text box. So, no need for a calculator.

So, Why Are CAPTCHAs Important?

They’re essential to websites as they provide an efficient way to reduce bots that attempt to divert traffic back to their servers, which can bring down applications and websites. Here, this would be a Denial of Service attack. But if the bots can’t see what’s in an image, they can’t complete any tests.

Compared to text-based tests, image-based tests are easier to understand. Image-based protects websites from bots with weak text recognition algorithms and is more difficult for bots to decipher than text-based, which requires image recognition.

However, text-based can be challenging for some people due to the visual features. But image-based is not without its faults, as it can also prove challenging for the visually impaired. And sneaky bots may find a way to bypass the test.

Some CAPTCHAs may only require you to click a checkbox, the good old “I’m not a robot” test. The difference with this CAPTCHA, known as reCAPTCHA by Google, is that it identifies you through your mouse movement and user activity.

A robot completing a reCAPTCHA "I'm not a robot" test on a MacBook Air

Though, it’s not just humans that can pass a CAPTCHA test. In a video, a robot demonstrated that it could complete the “I’m not a robot” test, which only requires clicking a checkbox. Bots, however, can bypass CAPTCHAs if they know the system in use and how to make it believe it is a human.

Are CAPTCHAs Truly Foolproof?

If a robot can bypass a CAPTCHA test, you may question the need for the tests. But just because one robot can, doesn’t mean all of them can. And not every human can pass the test, though this is rare. But have you ever questioned the efficacy of Google reCAPTCHA?

Google’s reCAPTCHA is used in 97% of the top one million websites and claims to be 99.8% accurate. DNS provider Cloudflare, however, stated that CAPTCHAs are ineffective and declared it was looking for a way to get rid of them.

It’s possible to block CAPTCHAs with a free browser extension that takes the hassle of completing a test by solving them for you. Google created a virtual machine that uses the search engine’s own language that is encrypted twice and decoded with a key.

When you click the checkbox, your data, including your IP address, screen size and resolution, browser, and the number of keystrokes, mouse clicks, and taps or scrolls you made, gets analyzed

What About an Alternative?

Should you not find Google’s reCAPTCHA compelling, there are other free alternatives like hCaptcha, which runs on 15% of the internet. It is almost identical to any other CAPTCHA service and supports all major browsers.

Logo for hCAPTCHA

Even though reCAPTCHA is still widely used, it has its limitations. For instance, reCAPTCHA Enterprise is a paid model that can become expensive for businesses with high traffic, such as e-commerce sites and digital banking apps.

hCaptcha’s main benefits are the ability to remove fake comments, emails, and accounts, and it’s free to use, except for its enterprise plan. Best of all, when users solve a hCaptcha, users under the publisher plan can earn money as a reward, according to hCaptcha’s Plans.

They're Annoying, But CAPTCHAs Work

Whatever your opinion of CAPTCHAs, their purpose is to protect websites. While they can stop malicious bots, they are not entirely foolproof and only reduce spam to an extent due to the continuous evolution of spam bots.

There will always be conflicted opinions on CAPTCHAs, which may result in website traffic declining if people find them difficult or don’t complete them. Websites must be cautious of potential threats as bots evolve and look for ways to bypass security measures. Have you thought of creating your own CAPTCHA validation to secure your website?