Bots are better and significantly faster than humans at cracking Captcha tests, according to a comprehensive new study that inspected the security system deployed in over 100 popular websites.
Automated bots pose a significant threat to the internet because they can masquerade as legitimate human users and perform harmful operations like scraping content, creating accounts and posting fake comments or reviews, as well as consuming scarce resources.
“If left unchecked, bots can perform these nefarious actions at scale,” warned scientists, including those from the University of California, Irvine.
For over two decades, Captchas have been deployed as security checks by websites to block potentially harmful bots by presenting puzzles that are supposed to be straightforward for people to solve – but very difficult for computers.
Earlier forms of Captcha, for instance, asked users to transcribe distorted text from an image, but with advances in computer vision and machine learning, bots soon caught up to recognise the text with near perfect accuracy.
Engaged in an arms race with bots, Captchas have since evolved into an annoying presence on the internet, becoming increasingly more and more difficult to solve for both bots and humans.
However, the new yet-to-be peer-reviewed research, posted in arXiv, finds bots are able to quickly crack Captcha tests with ease, suggesting global effort users put into cracking these puzzles every day may be more trouble than its worth.
In the study, scientists assessed 200 of the most popular websites and found 120 still used Captcha.
They took the help of 1,000 participants online from diverse backgrounds – varying in location, age, sex and educational level – to take 10 captcha tests on these sites and gauge their difficulty levels.
Researchers found many bots described in scientific journals could beat humans at these tests in both speed and accuracy.
Some captcha tests took human participants between nine and 15 seconds to solve, with an accuracy of about 50 to 84 per cent, while it took the bots less than a second to crack them, with up to near perfection.
“The bots’ accuracy ranges from 85-100 per cent, with the majority above 96 per cent. This substantially exceeds the human accuracy range we observed (50-85 per cent),” scientists wrote in the study.
They also found that the bots’ solving times are “significantly lower” or nearly the same as humans in almost all cases.
Since current Captchas do not meet the required security goal of keeping bots away, researchers have called for better and more dynamic approaches to protect websites.