To CAPTCHA or not to CAPTCHA? Gartner analyst says OK — but don’t be robotic about it


Picking street signs from a matrix of images is out, cleverer challenges are OK

POLL Analyst firm Gartner has advised in favor of the use of CAPTCHAs — but recommends using the least-annoying CAPTCHAs you can find.

The firm’s opinion is contained in a post by senior director analyst Akif Khan, who noted that CAPTCHAs create friction for humans but remain an imperfect defense against bots.

Despite all this, Khan argued in support of them, with exceptions.

“Just don’t use the ‘pick a street sign from this matrix of images’ Google version of a CAPTCHA,” Khan wrote. He advised trying what he called “more evolved” versions out there, like those from Arkose Labs, GeeTest, or PerimeterX.

The analyst suggested that good CAPTCHAs should do more than check that users provide a correct answer to a challenge: they should also determine whether answers are given too quickly, as would be the case for a professional paid-per-correct CAPTCHA test. The test should also dynamically increase in complexity when bot or professional CAPTCHA-cracking activity is detected.

Khan also recommended only using CAPTCHAs for less than five percent of all sessions — and then only in true grey areas, leaving the bulk of spam detection to a vendor. He also suggested assessing CAPTCHA effectiveness with A/B testing across any sites you tend.
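The gating Khan describes, sketched as an added example (not code from Gartner, The Register or any vendor): challenge only grey-area sessions, treat a correct but too-fast answer as suspect, and raise the difficulty on each suspect response. The risk score, every threshold and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Every threshold here is an assumed value for illustration.
GREY_LOW, GREY_HIGH = 0.40, 0.60  # vendor risk scores in this band are "grey"
MIN_SOLVE_SECONDS = 2.0           # a correct answer faster than this is suspect
MAX_LEVEL = 3                     # hardest challenge tier
CHALLENGE_BUDGET = 0.05           # the article's ceiling: under 5% of sessions


@dataclass
class Session:
    risk: float     # 0.0 = clearly human, 1.0 = clearly automated (hypothetical score)
    level: int = 1  # current challenge difficulty


def route(session: Session) -> str:
    """Challenge only the grey band; clear cases never see a CAPTCHA."""
    if session.risk < GREY_LOW:
        return "allow"
    if session.risk > GREY_HIGH:
        return "block"
    return "challenge"


def grade(session: Session, correct: bool, solve_seconds: float) -> str:
    """Grade one response; a wrong or too-fast answer escalates difficulty."""
    if correct and solve_seconds >= MIN_SOLVE_SECONDS:
        return "pass"
    if session.level < MAX_LEVEL:
        session.level += 1
        return "retry"
    return "block"


def challenge_rate(sessions: list[Session]) -> float:
    """Fraction of sessions that were shown a challenge."""
    return sum(route(s) == "challenge" for s in sessions) / len(sessions)


# Constructed sample traffic: 36 low-risk, 3 high-risk, 1 grey-area session.
SAMPLE = [Session(0.1)] * 36 + [Session(0.9)] * 3 + [Session(0.5)]

if __name__ == "__main__":
    print(f"challenged {challenge_rate(SAMPLE):.1%} of sessions")
    suspect = Session(0.5)
    print([grade(suspect, True, 0.4) for _ in range(3)], suspect.level)
```

Tracking `challenge_rate` per site against the budget is also the number to compare between arms when A/B testing a CAPTCHA.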

While Khan sees a role for CAPTCHAs, Cloudflare recently launched an anti-CAPTCHA manifesto. The web security company estimated that the world collectively spends 500 years every day completing the frustrating automated Turing tests that often rely on cultural nuance and hold people to physical and cognitive performance thresholds.

The Cloudflare blog post suggested using Cryptographic Attestation of Personhood (CAP), essentially a hardware security key, as superior to CAPTCHAs.

The Register knows readers just adore CAPTCHAs — let us know the extent of your ardour in the poll below. ®

CAPTCHAs: Abomination or savior?

Would you inflict CAPTCHAs on your users?
