CAPTCHA — How does it actually work?

Upon entering your account on a website or in an app, you might be asked to enter a word or a number combination from a strange-looking picture. They are usually distorted and sometimes it can take a few seconds to determine the symbols on the picture. This security step is named CAPTCHA and seems to be useless and tedious, especially if you have some problems with recognizing and entering the right combination. But to be honest, this simple test plays an important part in the security system as it makes access to websites or online purchases wholly unreachable for bots and computers.


CAPTCHA is an abbreviation that can be decoded as a Completely Automated Public Turing Test to Tell Computers and Humans Apart. It’s a type of test that helps the websites’ creators minimise the ability of a bot's registration or purchasing power. They're also referred to as "Human Interaction Proof" (HIP). CAPTCHA is widely used across the internet and mobile apps alike. The most common type of CAPTCHA is the picture that contains distorted letter combinations that you should comprehend and write down in the answer box. If you wrote the right symbols, the system gives you access to the site or to the following task. You can also see a variety of CAPTCHAS on different websites. Some of them require you to take a look at a number of pictures and choose those that contain a target object such as bicycles or traffic lights.

How does CAPTCHA work?

CAPTCHA came about mainly because of certain individuals’ attempts to trick the system by exploiting flaws in the computers that power the site. While these individuals are likely a small percentage of total Internet users, their activities have the potential to harm a huge amount of websites and their users. A free email provider, for example, might be inundated with account requests from automated software. That automated application could be part of a wider scheme to spam millions of people with junk mail. The CAPTCHA test is used to determine which users are genuine people and which are computer programs.

The internet and its computers are built using a proprietary coding language. Because of the unique and complex norms that human languages adopt, as well as the slang that humans use, computers have to spend a lot of time understanding them.

Most CAPTCHAs include visual tests, which the “brain” of the computer can’t figure out; it’s much less sophisticated and it's definitely harder for them to determine the pattern in pictures. While humans will spend a few seconds on CAPTCHA, artificial intelligence has to spend much more time on finding a consistent pattern.

There’s also an alternative to a visual CAPTCHA — one that is based on audio access. That type was developed to make it possible for CAPTCHA to be passed by those who have a visual impairment. Although there are more deaf than blind, approximately 75% of all adults require some kind of visual correction, so it’s much more likely that you’ll encounter someone who can’t focus on the letters on screen. After all, they are usually quite hard to read. Usually, audio CAPTCHA is a succession of spoken characters and numerals. Frequently it also is accompanied by background noises and sound distortion to protect against bots.

The third type of CAPTCHA is a contextual one. The task for the user is to interpret some text with his or her own words, keeping the main idea of the passage. While computer algorithms can recognize significant terms in literature, they aren't very adept at deciphering the meaning of those words.

It’s also important to distribute the CAPTCHA pictures in a random order to every user. If imaging would repeat constantly or would be displayed in a specific order, it would be easy for spammers to trace the subsequence of the pictures and program a computer system that would be able to pass the test automatically based on the CAPTCHA’s order.

Turing test

CAPTCHA was based on the Turing Test. Alan Turing, an ingenious mathematician, who was named “the Father of modern computing”, suggested this test to find out whether the computer is able to think like a human or not. The point of the test is that there are a number of questions that must be answered by two participants. One of them is a real person while the other is a computer. There’s also an interrogator whose task is to find out which answers were given by the machine and which ones were given by the human. If the interrogator isn’t able to understand who is who, the test has been passed.

The main goal of CAPTCHA’s creators was to create a test that could be easily passed by a human, but not by a machine.

The pictures that we see on the screen that we need to pass the captcha test are usually very complicated as it must be possible for every user to enter it. But bots are mostly unable to determine the text that is presented in the form of a picture.

Who uses CAPTCHA?

CAPTCHA is a type of verification tool that is widely used by websites and apps to ensure that a user is not a robot.

It is usually used to protect online pools from bots’ votes employed by scammers to cheat. Another purpose of using CAPTCHA is to restrict access to websites where consumers can create free accounts, such as Gmail. Spammers can't use bots to establish a slew of spam email accounts because of CAPTCHAs.

CAPTCHA is also used by ticket services to prevent profiteers from buying too many tickets for big events. This helps honest people to buy tickets in a fair manner while preventing scalpers from putting in hundreds of orders.

Finally, CAPTCHA is used to prevent spamming messages or comments on websites where it’s possible to contact the page’s user directly. It helps to stop bots from automatically sending spam and spoiling the ratings of products or services.

To sum up, CAPTCHA is a good tool to prevent the creation of spamming bots or automatically controlled web pages that spread viruses. It helps the creators of apps and websites to verify that a user is a real person, and not a computer programmed to spoil the system. This small but necessary stage of identification of the user is really helpful and recommended for exploitation on any websites where users are able to create free accounts. If you want to use CAPTCHA to protect your own website, you should be aware of the numerous failure possibilities that you may encounter. We recommend using a service like Google's reCAPTCHA to generate one for you. It’s also a good idea to download an antivirus program and use it together with CAPTCHA to keep your device secure.