
"Captcha" and authentication

Most everyone jealously guards the openness of the Internet and opposes measures to restrict, tax or obstruct traffic on the World Wide Web. However, there are technology rats that inhabit the 'net who use technology to mine information or otherwise use websites to self-promote, spam or even propagate viruses. They do this with tools called Spiders, Spider Bots, or just 'bots, which crawl around the Internet looking for websites. Some grab information for legitimate purposes, like allowing Google searches; others look for log-in opportunities to register on or hack into sites.

One of the ways that websites thwart 'bots is through the use of "gates" that automated Spiders can't see or get through because they require some human intelligence to get around. The most popular tool is called a captcha, which stands for Completely Automated Public Turing test to tell Computers and Humans Apart. A captcha is a display of randomly chosen groups of 4-7 letters and numbers written in script or otherwise obscured to make it difficult or impossible for an automated program to read without human intervention. The website visitor is required to read the letters and numbers, retype them into a field and confirm that they are correct.
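The server side of the check described above, as an added example that is not part of the original post. The class name, the two-minute expiry, the single-use rule and the case-insensitive match are assumptions made for illustration.

```python
import hmac
import secrets
import time

# Assumption: look-alike glyphs (0/O, 1/I/L) are left out so a distorted image stays readable.
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"
TTL_SECONDS = 120  # assumption: a challenge expires after two minutes


class CaptchaStore:
    """Hypothetical server-side store; the answer never reaches the browser as text."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # challenge id -> (answer, expiry time)

    def issue(self):
        """Create a challenge of 4-7 random letters and numbers."""
        length = 4 + secrets.randbelow(4)  # 4, 5, 6 or 7
        answer = "".join(secrets.choice(ALPHABET) for _ in range(length))
        challenge_id = secrets.token_urlsafe(16)
        self._pending[challenge_id] = (answer, self._clock() + TTL_SECONDS)
        # The answer is drawn into the obscured image; only the id goes into the form.
        return challenge_id, answer

    def verify(self, challenge_id, typed):
        """Check what the visitor retyped. Each challenge can be tried once."""
        entry = self._pending.pop(challenge_id, None)  # removed on the first attempt
        if entry is None:
            return False  # unknown id, or already used
        answer, expires = entry
        if self._clock() > expires:
            return False
        # Assumption: matching ignores case and surrounding spaces.
        guess = typed.strip().upper().encode()
        # Constant-time comparison does not reveal how many characters matched.
        return hmac.compare_digest(guess, answer.encode())


if __name__ == "__main__":
    store = CaptchaStore()
    cid, text = store.issue()
    print("visitor retypes correctly:", store.verify(cid, text.lower()))
    print("same challenge replayed:  ", store.verify(cid, text))
```

Because a challenge is discarded on its first attempt, a 'bot cannot keep guessing against one image and has to fetch a new one each time.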

When it comes to bank websites, eBay, PayPal or other privacy-sensitive sites, this is a crucial security precaution. For those who operate blogs, membership websites or other sign-in online collaborations, these 'bots can be a major pain in the butt because they constantly "register" as seemingly legitimate users but are really pimping ringtones, porn, loan consolidation or a host of spam.

Recently, my credit card company, MBNA, was sold to Bank of America and instead of using Captcha, they used a different tool that I found more user friendly. They asked legitimate users to re-confirm that they were legitimate and asked for a not-to-exceed 10 character word or phrase that is then co-mingled among 12 or more randomly chosen words from which to choose whenever the user logs in. In addition, the user is asked to identify the computer that is used to log in so that the website can authenticate the source of the inquiry.

OK, the latter authentication is kind of scary, smacks of Big Brother, and even creates further hassles when one is legitimately accessing an account from a different computer. But the end game is the same ... if you are who you purport to be, it should be easy to authenticate who you are.

You may have noticed of late that credit card companies ask that you verify a newly issued card by calling from your home phone. Even if your home phone is blocked from caller ID, it is never blocked when you call an 800/866/888, etc. number. If you call to activate a new or re-issued credit card from YOUR phone, the bank can authenticate who you are without human intervention, which is worth a bundle when you multiply the transactions by the labor costs.

So now you know a few new tech terms ... Captcha, authentication, 'bots and rats ... the last one is the most important to know.

Chris Crawford
www.justiceserved.com

Comments

I've never met the meaning of the Captcha term before, thank you. It's also frequently called "Word Verification".
The idea is clear, but in some places a Captcha picture is so sophisticated that it is difficult to read even with human intervention. Another problem arises if you use an expensive Internet connection and have automatic image loading disabled in the browser.
As with any protective measure, Captcha is sometimes annoying, but if it is used so widely I guess it is really useful.

Thanks for writing, Louve. I agree that Captcha can sometimes be hard to read. Luckily, most come with a "refresh" feature to allow the user to pick another combination of letters and numbers that is hopefully more readable.

Plus no mention is made of the dyslexic who transpose numbers, letters and words.

Cheers !!
