Factors Influencing CAPTCHA Strength

Mar 4, 2008 17:47 GMT

CAPTCHA systems are widely used to protect Internet services and applications from unauthorized access by robots and from other types of automated attacks. These security systems are also called "reverse Turing tests" and are implemented in blogs to prevent spam comments, in forums to stop multiple postings, in email service registration to prevent the creation of multiple accounts, and so on.

The role of a CAPTCHA is to distinguish a bot from a human by means of a test that is easy for humans to understand and solve, and nearly impossible for robots. This description of the CAPTCHA working principle holds from a theoretical point of view, given the capabilities of robots (artificial intelligence). In practice, many CAPTCHA systems have been broken by robots even though their test generation algorithms were never made public.

Most current CAPTCHA systems require the user to type letters or numbers that are dynamically generated as a picture on the server side. Depending on the directives used in the generation algorithm, the letters are rendered in various ways. For example, the characters may be rotated, distorted or scaled, and placed on different types of background, all meant to make optical character recognition more difficult for robots. Other types of CAPTCHA require the user to solve a problem, such as providing the result of a simple algebraic expression; this kind of test is harder for robots to break.

The efficiency (strength) of a CAPTCHA is hard to establish, but there are some key points for evaluating a given script. It is recommended to select a script that provides many types of fonts and backgrounds, as well as several generation algorithms. Another CAPTCHA vulnerability is the session being maintained after the test is passed: based on the session ID of the respective CAPTCHA image, it becomes possible to automate requests to a given system or service.
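
The session weakness described above, shown next to a corrected server-side check. This is an added example, not code from the original article or from any particular CAPTCHA script; the class names, the in-memory session dictionary and the 120-second lifetime are assumptions made for illustration.

```python
import hmac
import time

CAPTCHA_TTL = 120  # seconds a challenge stays valid (assumed value)


class WeakStore:
    """Weak pattern: one correct answer marks the session as passed for good."""

    def __init__(self):
        self.sessions = {}

    def new_challenge(self, sid, answer):
        self.sessions[sid] = {"answer": answer, "passed": False}

    def submit(self, sid, answer=None):
        s = self.sessions[sid]
        if answer is not None and answer == s["answer"]:
            s["passed"] = True
        # Every later request with the same session ID inherits the flag,
        # so requests can be automated after a single solved test.
        return s["passed"]


class HardenedStore:
    """Corrected pattern: one challenge authorises one request, within a TTL."""

    def __init__(self, clock=time.time):
        self.sessions = {}
        self.clock = clock  # injectable so expiry can be tested offline

    def new_challenge(self, sid, answer):
        self.sessions[sid] = {"answer": answer, "issued": self.clock()}

    def submit(self, sid, answer=None):
        # pop() consumes the challenge whether the answer is right or wrong,
        # so it can be neither replayed nor guessed repeatedly.
        s = self.sessions.pop(sid, None)
        if s is None or answer is None:
            return False
        if self.clock() - s["issued"] > CAPTCHA_TTL:
            return False
        # Constant-time comparison of the submitted and expected answers.
        return hmac.compare_digest(answer.encode(), s["answer"].encode())
```

With the hardened store, every protected request needs a freshly issued challenge, so a session ID that passed once carries no standing authorisation.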

Current and past experience regarding CAPTCHA strength shows that this type of security system can be broken with current technologies. But the presence of a CAPTCHA is always necessary when you need to enhance the stability and security of a web service or application. Changing the CAPTCHA script at certain intervals could be one way to improve the efficiency of the protection.