Do you have to enter captcha a lot? It’s no wonder you have to type in a word or a few squiggly letters after logging in to a website. Have you ever wondered why you need to enter a captcha? What does a captcha do?

In fact, captchas exist for the most purpose, is to distinguish between the input operation on the page by human and mechanical code programming. Just like the capTcha on 12306.net, its “evolution history” is a history of constantly battling with scalpers and ticket-snatching software. From simple numbers, letters, addition and subtraction at the beginning, to flickering letters and interference lines, and then to the continuous optimization of graphic captcha that challenges the lower limit of human intelligence in recent years…

“Sure I’m not a robot?” Exactly, CAPTCHA is called CAPTCHA, Completely Automated Public Turing Test to tell Computers and Humans Apart, proposed by CMU professor Luis von Ahn. The “Fully automatic Turing Test to distinguish computers from humans” could prevent the software from being widely misregistered, such as stopping scalpers writing a code to snap up tickets during peak holidays.

At this point, you might say, “I know why I need to type in captcha, but it’s boring to type in capTCHA, and I have to re-type if I make a mistake.” Then you must not know, captchas and these hidden functions ah!

Verification code functions:

1, in order to prevent the machine pretending to be human to do violent decryption: think about the terror, this is related to the network security of every user, now many websites, APP are bound to the user’s bank account, there are a lot of content also involves personal privacy, if the criminals violence decryption, the loss can be big.

2, prevent massive online registration abuse service: many machine friends must hate those malicious registration flooding, a full screen full of malicious comments and advertisements, instant not in a good mood;

3, to prevent the abuse of online mass operation: for example, when voting, some malicious voting software can achieve mass voting function, think of their hard canvassing, the other people a key to fix?

4, to prevent automatic release: for example, in the early years, hackers wrote a string of code to unscrupulous dumping a large number of zombie information, nonsense, spam, spam advertising, spam comments everywhere flying. Polluting the network environment at the same time, there are even more advertising fraud.

5. Prevent information from being collected and aggregated in large numbers: In the Internet era, the most valuable thing is content production. GanChan ah.

Explorations on captcha

The increasingly complex captcha, while increasing security, is still a source of frustration for many Internet users. Is there a form of captcha that is operatively simple but secure?

In fact, about this problem also someone is in the unceasing research upgrade, for example the intelligence of the top image has no feeling to verify, introduced the authentication system that can distinguish user identity without verification, its principle is also very simple actually. The risk control engine scans the operating environment and analyzes key parameters, including common IP addresses, geographic locations, usage habits, malicious features, and device fingerprints, before users attempt to log in or perform other traditional authentication operations. Based on the analysis of a large number of models and data, the risk control engine can make a prejudgment of the user’s identity. If the risk control engine thinks the user is a “good guy”, it just lets it go. If it is judged to be a “machine”, it will not be released; If in doubt, offer the captcha, and you can slide. This way is quite clever and intelligent compared to the above.

Don’t look down on this web site a little verification code, it is not the real users against, but in order to prevent malicious registered people who have ulterior motives and violent decryption password (guess), the purpose is to guarantee a clean network environment and the safety of users, but some advice on the way can draw lessons from the security vendor, such as the above mentioned ways of intelligent non-inductive validation.


Recommended reading:

  • What is the “captcha” that makes programmers hurt each other?
  • Juejin. Cn/post / 685041…