23.3 C

How this company wants to get rid of CAPTCHA with a new security system

How this company wants to get rid of CAPTCHA with a new security system

One of the most common — and at times rather annoying — security system on websites is CAPTCHA. To select bridges, taxis or staircases in a grid of pictures is somewhat annoying. Cloudfare, a DNS services provider, has a plan to get rid of the whole CAPTCHA system. By the way, CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart.

In a blog post titled, “Humanity wastes about 500 years per day on CAPTCHAs. It’s time to end this madness”, Cloudfare says that it takes a user on average 32 seconds to complete a CAPTCHA challenge. There are 4.6 billion global Internet users. “We assume a typical Internet user sees approximately one CAPTCHA every 10 days.”

Cloudfare has launched an experiment to cut down on the CAPTCHA “madness.” “The idea is rather simple: a real human should be able to touch or look at their device to prove they are human, without revealing their identity. We want you to be able to prove that you are human without revealing which human you are!,” the blog post further notes.

“We’re starting with trusted USB keys (like YubiKey) that have been around for a while, but increasingly phones and computers come equipped with this ability by default,” explained Cloudfare.

What Cloudfare wants to do is use Cryptographic Attestation of Personhood where a user clicks ‘I am human’ and gets prompted for a security device. The user decides to use a Hardware Security Key and plugs the device into their computer or taps it to their phone for wireless signature (using NFC).

“The short version is that your device has an embedded secure module containing a unique secret sealed by your manufacturer. The security module is capable of proving it owns such a secret without revealing it. Cloudflare asks you for proof and checks that your manufacturer is legitimate,” explains the company.

Designing a challenge aimed at protecting millions of Internet properties is no easy task, says Cloudfare. “In the current setup, we believe Cryptographic Attestation of Personhood offers strong security and usability guarantees compared to traditional CAPTCHA challenges,” the blog post further reads.

The ‘experiment’ will be available on a limited basis in English-speaking regions as of now. However, Cloudfare does have plans to expand it to other regions soon.


Source link


Please enter your comment!
Please enter your name here