在线登录网站或输入敏感信息时,有时可能会要求您单击复选框、将图像匹配在一起或输入随机的数字和字母序列。
这称为验证码(CAPTCHA)。它旨在阻止在线非人类行为。但这实际上意味着什么?像勾选一个复选框这样简单的一步验证码真的可以阻止机器人在线执行操作吗?(CAPTCHA)
让我们更深入地了解CAPTCHA是什么以及如何使用它来为整个互联网带来安全性。
什么是验证码?(What Is CAPTCHA?)
CAPTCHA是一个很容易理解的句子的奇怪首字母缩写词——它代表完全自动化的(A)公共(P)图灵(C)测试,以告诉(T)计算机(C)和人类(H)的(A)一部分。
因此,正如我们在网上所知, CAPTCHA本质上是一种自动测试,用于确定用户是人类还是机器人。机器人可以是旨在在线发布垃圾评论的自动化软件、带有一系列密码的暴力登录页面,或者可能是试图自动从其他网站抓取信息的软件。通过使用验证码(CAPTCHA),可以阻止机器人执行此类自动化行为。
验证码(CAPTCHA)实际上可以是任何东西,只要它可以使用某种只能通过像人类一样思考才能通过的测试。过去,最常见的CAPTCHA类型是用户键入以通过测试的一系列混乱的字母和数字。
这些字母是用几乎不合格的字体绘制的,这使得任何类型的自动化软件都很难阅读。它起作用了,但随着人工智能变得越来越强大,随着时间的推移,它提供的安全性值得怀疑。
如今,您在网上看到的最常见的CAPTCHA来自(CAPTCHA)Google,称为 re CAPTCHA。还有其他选择,但我们可以使用Google来解释它是如何工作的。
reCAPTCHA 的类型和它们是否有效?(The Types Of reCAPTCHA & Do They Work?)
谷歌(Google)现在已经经历了 reCAPTCHA 软件的三个主要迭代。让我们来看看每个版本之间有何不同,以及它们如何阻止机器人。
reCAPTCHA v1 – 传统文本测试(– Traditional Text Test)
最初的 reCAPTCHA v1 现在可能会让您怀念,那是因为它不再使用了,这是有充分理由的。这种方法需要用户通过阅读和重写他们在屏幕上看到的内容来输入单词。文本总是难以阅读,试图阻止机器人破解它。
最终,这种级别的CAPTCHA并没有提供太多的保护,而且这种令人沮丧的系统,它激怒了用户并失去了许多网站所有者的流量。
随着我们进入移动时代并削弱注意力跨度,谷歌(Google)想要创建一个更好的解决方案,因此,reCAPTCHA v1 被废弃,v2 诞生了。
reCAPTCHA v2 – 我不是机器人复选框(Robot Checkbox)
reCAPTCHA v2 是朝着正确方向迈出的一大步。使用 reCAPTCHA v2,Google 的软件会注意您的按键和鼠标移动的方式,以确定您是否是机器人。
随着网站上与 reCAPTCHA v2 的每次交互,该软件将更多地了解人类行为是什么和不是什么,使其在学习过程中更加准确。如果您的行为与人类相似,则只需单击复选框即可。
如果您被标记为可疑,系统会要求您单击照片上的匹配图片。这是一个让最终用户只需 55 秒即可解决的测试。对于机器人来说,这似乎很棘手,而谷歌(Google)似乎支持它来保护网站免受机器人攻击。然而,谷歌(Google)搜索将显示各种声称他们用机器人破坏系统的研究、测试和软件。
总之,reCAPTCHA v2 会阻止机器人,它会减慢机器人的速度,也许到了不值得尝试的地步,但它可能并不总是阻止有动力的个人或组织。
reCAPTCHA v3 – 隐藏的验证码
reCAPTCHA 3 与上述选项不同。reCAPTCHA 不会通过测试来确定用户是否是机器人,而是会监控用户与网站的交互以给该用户打分。
该分数将使用不同的因素,例如他们在网站上的移动方式,或者他们首先访问的页面,并使用以前的数据进行备份。
然后,网站所有者可以设置 reCAPTCHA v3 以根据用户的分数级别阻止或拒绝用户访问。或者,可以将其设置为在短时间内限制或限制操作,将帖子发送到审核队列,或者需要二次身份验证。
再一次,正在进行研究以尝试破解 reCAPTCHA v3(try to crack reCAPTCHA v3)。不过,这一次,研究人员正在寻求创建一种人工智能,它可以访问网页并在其中尽可能像人类一样执行操作,以通过不可见的验证(CAPTCHA)码测试。
那么验证码真的有效吗?(So Does CAPTCHA Actually Work?)
到目前为止,有一件事已经很清楚了——研究表明CAPTCHA或 re CAPTCHA并不能阻止所有非人类活动。但是,它确实严重限制了机器人流量并阻止了大部分机器人流量。因此,从这个意义上说,我们可以说CAPTCHA有效,即使它没有 100% 的成功率。
也许人工智能会变得更聪明,并且能够更像人类,但在这种情况下,谷歌(Google)将放弃重新验证验证(CAPTCHA)码 v4,或者其他验证码(CAPTCHA)开发人员将发布新的东西。
这就像一场无休止的猫捉老鼠游戏。最终,拥有CAPTCHA(CAPTCHA)的网站会做得更好,它可以将机器人活动从数千减少到几乎微不足道的数量。
HDG Explains: What Is CAPTCHA & How Does It Work?
When signing into a website online, or entering sensitivе infоrmation, you may sometimes be asked tо click a tick box, match images together, or type in а random series of numbers and letters.
This is known as a CAPTCHA. It’s designed to stop non-human behavior online. But what does that actually mean? And can a CAPTCHA with one step as simple as ticking a box really stop bots from performing actions online?
Let’s take a deeper look into what CAPTCHA is and how it is used to bring security throughout the internet.
What Is CAPTCHA?
CAPTCHA is a strange acronym for a pretty easy to understand sentence – it stands for Completely Automated Public Turing test to tell Computers and Humans Apart.
So, essentially CAPTCHA, as we know it online, is an automated test to determine whether a user is a human or a bot. A bot could be automated software designed to post spam comments online, brute force login pages with a series of passwords, or perhaps software that tries to automatically scrape information from other websites. By using a CAPTCHA, bots can be stopped from performing automated behavior like this.
A CAPTCHA could really be anything, so long as it can use some kind of test that can only be passed by thinking like a human. In the past, the most common type of CAPTCHA would be a series of jumbled letters and numbers that users would type to pass the test.
The letters were drawn with almost ineligible font, to make it very hard for any type of automated software to read it. It worked, but with AI getting more powerful, the security it offered was questionable as the years went on.
These days, the most common CAPTCHA you will see online is from Google, called reCAPTCHA. There are alternatives, but we can use Google’s as an explanation of how it all works.
The Types Of reCAPTCHA & Do They Work?
Google has gone through three major iterations of the reCAPTCHA software now. Let’s take a look at how each version differs from each other and how they work to stop bots.
reCAPTCHA v1 – Traditional Text Test
The original reCAPTCHA v1 may look nostalgic to you now, and that’s because it’s not used anymore, for good reason. This method would require users to type words by reading and rewriting what they saw on the screen. The text was always hard to read, in an attempt to stop bots from cracking it.
Ultimately, this level of CAPTCHA didn’t provide much protection for long, and with such a frustrating system, it annoyed users and lost many website owners traffic.
As we moved into the era of mobile and weakening attention spans, Google wanted to create a better solution and thus, reCAPTCHA v1 was scrapped and v2 was born.
reCAPTCHA v2 – I’m Not a Robot Checkbox
reCAPTCHA v2 was a huge step in the right direction. With reCAPTCHA v2, Google’s software will pay attention to your key presses and the way your mouse is moving to determine whether you are a robot or not.
With every interaction on a website with reCAPTCHA v2, the software will learn more about what human behavior is and isn’t, making it more accurate as it learns. If your behavior is humanlike, you’ll get through with just clicking the checkbox.
If you get flagged as suspicious, you’ll be asked to click matching pictures on a photo. This is a test that gives the end user just 55 seconds to solve. For a bot, this would seem tricky, and Google seem to stand by it for protecting websites against bots. However, a Google search will reveal all sorts of studies, tests, and software that claim they’ve broken the system with a bot.
In summary, reCAPTCHA v2 will stop bots, it will slow down bots, perhaps to the point where it’s not worth trying, but it may not always stop a motivated individual or organisation.
reCAPTCHA v3 – Hidden CAPTCHA
reCAPTCHA 3 is different to the aforementioned options. Instead of serving a test to determine whether a user is a bot or not, reCAPTCHA will monitor a user’s interaction with a website to give that user a score.
That score will use varying factors, such as how they move around the site, or what pages they visit first, and back that up with previous data.
A website owner can then set up reCAPTCHA v3 to either block or deny a user access depending on their score level. Alternatively, it can be set up so that actions are throttled or limited for a short time, posts are sent to moderation queues, or secondary authentication is required.
Once again, there are studies being done to try to crack reCAPTCHA v3. This time, though, researchers are looking to create an AI that can visit a webpage and perform actions there as humanlike as possible to pass the invisible CAPTCHA tests.
So Does CAPTCHA Actually Work?
So far, one thing has been clear – research has shown that CAPTCHA, or reCAPTCHA, does not stop all non-human activity. However, it does severely limit bot traffic and stop the majority of it in its tracks. So, in that sense, we can say that CAPTCHA works, even if it doesn’t have a 100% success rate.
Perhaps AI will get smarter and will be able to act more human like, but in that case, Google will drop reCAPTCHA v4, or other CAPTCHA developers will release something new.
It’s like an endless game of cat and mouse. Ultimately, a website does much better to have CAPTCHA and it can reduce bot activity from the thousands into almost minuscule amounts.