If you’ve spent any amount of time online, it’s likely you’ve been asked to solve a CAPTCHA to verify you are, in fact, a human – this is the awkward-looking, distorted text you have to squint really hard at to solve!
And, if you’re anything like me, you probably fail this test more often than not.
Google is in a catch-22 situation, really: We all hate CAPTCHA, but we hate spam more.
Without CAPTCHAs the Internet would be rife with bots spamming and stealing data from websites. CAPTCHAs aren’t perfect, but they’re an extra anti-spam measure, and a small price to pay for protecting a website – even though they can be annoying to solve.
When CAPTCHAs were first devised, they were highly effective at preventing spam. Over time though, the nuisance bots have got more sophisticated, and CAPTCHAs have had to get harder to stay ahead of them.
Unfortunately that makes them more difficult for us to solve – yet another catch-22 situation.
Well, Google’s anti-spam team have been hard at work, and in December they announced they would be retiring the old-style CAPTCHA and replacing them with the “No CAPTCHA reCAPTCHA” — or reCAPTCHA for short.
Although the name is a bit of a mouthful, this new version of CAPTCHA promises to improve website security while taking huge steps forward in user-friendliness by simplifying the verification process.
Instead of solving a CAPTCHA, visitors will simply check a checkbox to verify they are human.
At first glance this appears incredibly basic, but looks can be deceptive: reCAPTCHA uses an advanced “risk analysis engine” which analyzes user behavior to determine whether they are human or bot.
CAPTCHA isn’t dead yet, though, as if the engine can’t confidently confirm you are human you will be asked to solve a traditional CAPTCHA puzzle, or match up some images.
This improvement seems in-line with Google’s recent mobile-friendly push – CAPTCHAs were even more annoying to solve on mobile devices.
For a look at the new-style CAPTCHA in action, see below.
Teething problems
Although the reCAPTCHA sounds good on paper, and is definitely an improvement for users, it has struggled to inspire confidence that it can protect websites from bots.
Essentially, the reCAPTCHA works like a cookie, so if a visitor passes the test once they won’t have to do so again. If a bot is able to store the relevant cookies, it can access a site as much as it wants.
There is also the same problem with the old-style CAPTCHAs: if the bot fails the checkbox test – which, in theory, it should – it might still be sophisticated enough to solve the CAPTCHA. It might take them a bit longer to pass, but it is certainly do-able.
And, of course, spammers will simply find new solutions to beat the new anti-spam measures. There have been suggestions that spammers could hire real people to solve the puzzles, or use a technique called “clickjacking” to get innocent people to pass the test for them.
These are all good points that highlight the new CAPTCHA’s limitations, but remember that the new system is brand new. I have no doubt Google will be collecting as much information as possible which it can learn from to improve the situation.
It’s also worth pointing out that there will always be spammers, and they will always find ways around existing infrastructure. As long as Google is making positive steps and making it more difficult for spammers, what more can we ask of them?
What this means for WordPress users
In short, reCAPTCHA will make your website more user-friendly. And, as more and more websites begin adopting it, there will be a growing expectation from your visitors for you to do the same – in comparison, the old-style CAPTCHAs will feel very outdated.
The WordPress community moves quickly, and within weeks we’ve already seen the first wave of plugins to add reCAPTCHA functionality hit the plugin repository.
If you want to be one of the first to adopt this on your website, check out the free No CAPTCHA reCAPTCHA plugin – it lets you use the new system when visitors try to login, register, or comment. The plugin also lets you choose a skin for the new CAPTCHA, and auto-detects the visitor’s language.
It’s a brand new plugin with only 1,000 or so users to date, but if you want to add the new CAPTCHA to your site it’s the best solution so far.
Final thoughts
Although the new CAPTCHA has not been without its problems, Google has definitely created a system that’s easier for visitors to use, so we should be happy with that.
It hasn’t been the step forward in bot-prevention that many had hoped, but give Google time to get to grips with the new system and they should start making big improvements in this area.
We’ll be back in 2015 to report any developments on this issue – and any other announcements from Google – and discussing how they impact WordPress users.
Have a great New Year everyone!
What are your thoughts on the new No CAPTCHA reCAPTCHA? Let us know in the comments section below!
23 Comments