As the saying goes, “often go on the Internet, which do not verify”. Love it or hate it, who doesn’t scratch their heads and type in a few captcha every day?
However, verification code in the final analysis is a passive defense countermeasures, today we quickly comb through the development history of verification code from scratch, and introduce a very cutting-edge black technology, change passive to active, silky smooth: verification code without verification – no sense of verification.
First, why verification
Captchas are for anti-spam purposes. The need for human/machine authentication began in the 1990s, when Yahoo Mail was bombarded with machine-generated spam. The idea behind a gadget called CAPTCHA, designed by Luis von Ahn and his team, is that it is easy for humans to recognize, but hard for machines to recognize, and thus can distinguish humans from machines.
Two, how to verify
So, what’s the difference between a human and a machine?
CAPTCHA Completely Automated Public Turing Test To Tell Computers and Humans Apart CAPTCHA Completely Automated Public Turing Test To Tell Computers and Humans Apart Speak English! — Verification code. The Turing test is the key here, and simple questions and answers are the most commonly used method.
Graph zero testing is usually based on knowledge-based authentication (KBA) of human Knowledge, which mainly refers to the recognition of graphs and some simple analysis.
Attack and defense love and hatred
However, with the deepening of machine recognition ability and learning of human knowledge, the success rate of breaking common captcha is getting higher and higher, and the demand for jumping out of the “knowledge” recognition thinking mode is becoming more and more obvious.
In the pursuit of “intellectual challenges,” captchas are increasingly difficult to deal with as smarter machines as possible, and are increasingly intrusive to human users, even with completely confusing captchas:
So it is absolutely necessary to develop new ways of identifying what is uniquely human and what is hard for machines to imitate: behavior.
In the past few years, Google launched a jump out of the trap of “knowledge” “I’m not a robot” validation, the validation process only needs to users on the page before the “I’m not a robot” a check box off, it is the principle behind Google analysis by collecting a large number of real users mouse behavior, to determine whether human or machine operation.
Also make use of the machine is difficult to imitate human behavior characteristics, slider captcha has caused wide public concern over the recent, because this validation process also requires the user to do too much thinking (calling) knowledge, and adapt to the mobile terminal is no mouse track objective conditions, through the analysis of user’s fingers sliding speed, alignment position to determine the biological characteristics of the operator is a person or simulate human machine.
Fourth, the ultimate verification: no sensory verification
However, verification to verification, no matter how easy and simple, will still cause a certain amount of disruption to the user’s entire use process. Is there any way to…… No verification? !
In fact, the answer is yes, there are some risk control platforms have launched authentication systems that can identify users without verification, the principle is actually very simple. The risk control engine scans the operating environment and analyzes key parameters, including common IP addresses, geographic locations, usage habits, malicious features, and device fingerprints, before users attempt to log in or perform other traditional authentication operations. Based on the analysis of a large number of models and data, the risk control engine can make a prejudgment of the user’s identity. If the risk control engine thinks the user is a “good guy”, it just lets it go. If it is judged to be a “machine”, it will not be released; If in doubt, offer the captcha, and you can slide.
The combination of behavior-based validation processes with risk control decisions has several obvious advantages:
1. Block machine waste
This is also the most basic appeal of the captcha itself, the recognition of normal human users directly after the release, while the machine can not post spam.
2, good user experience — no thinking verification
When verification is really needed (such as the first time), different from traditional image authentication or voice authentication, users do not need to calculate or think during the slider authentication, and can slide into the next operation in a short time, which greatly improves the user experience.
3. Intelligent risk blocking
Traditional validation process can’t completely against imitation, increasingly strong machine, but the slider is closely related to validation and risk control decision-making, machine also fail validation trial and error, can block machine operation to intercept abnormal users, not just spam, other many kinds of machines and harmful behavior can be intercepted, including crawl, theft, etc.
Top image insensitive verification can be a variety of impedance brush single, wool pulling and other malicious actions, upgrade user experience, to understand the specific application scenarios, cases please go to the top image intelligent insensitive verification code >>
Recommended reading:
Access top image technology small program verification code process