CAPTCHAs: What They Are and Why They're So Hard to Enter

Methods Cheaters Use to Crack CAPTCHAs

What Are CAPTCHAs?

Definition: A CAPTCHA is a test that many companies use to ensure that a human is submitting an online form, and not a bot, an automatic sweepstakes entry service, a hacker, or a software program. CAPTCHAs display an image that most people can recognize, but that computers have a hard time detecting.

CAPTCHAs have a wide range of applications, from preventing hackers from guessing every possible password combination to preventing fraudulent sweepstakes entries.

Why the funny name? CAPTCHA is an acronym that stands for "Completely Automated Public Turing Test to tell Computers and Humans Apart."

How Do CAPTCHAs Work?

The most common type of CAPTCHAs display a series of distorted letters and numbers. The entrant needs to type those letters and numbers into a box before the form will go through successfully.

In theory, computers can recognize text from images, but to do so reliably they have to have a clean, crisp image.

Therefore, CAPTCHAs are often distorted or placed on a confusing background pattern so that software programs cannot easily identify the letters and numbers by their shape.

Instead of strange letters and numbers, some CAPTCHAs ask people to play a game, such as putting all of the moving images of food on a plate (while ignoring other moving images that don't show food). This is also a test that is difficult for a computer to pass.

Why Are CAPTCHAs So Tricky?

Although they're supposed to be easy for humans to solve, CAPTCHA codes can be very frustrating. But there's a good reason why they are not easier.

Blocking cheaters and spammers is a game of cat and mouse; cheaters are always trying to crack CAPTCHAs, and companies are trying to strengthen their security to make them harder to get around (while still letting legitimate entries through).

Understanding the methods that spammers use to circumvent CAPTCHA sheds light on why those CAPTCHA codes are getting harder to enter.

Avoiding CAPTCHA with OCR

Family lifestyle
Nick David / Getty Images

OCR, which stands for Optical Character Recognition, is a way for computers to identify text from images. If you want to scan a document into your computer and edit it like any other electronic document, you'll scan the image into the computer and then use OCR software to convert the image into text.

If you have a nice, clear text CAPTCHA, cheaters can use OCR software to break the code.

This is why so many CAPTCHA codes are blurry, have wavy lines behind them, turn the letters sideways, or otherwise make the text hard to read.

If you've ever tried to scan in any documents, you'll notice that while many words scan through without problems, smears or smudges on the paper, or anything else that makes the text a little unclear, will cause the OCR software to make errors and confuse the words.

When CAPTCHA codes are hard to read, it increases the chance that cheaters' OCR software won't be able to break the code.

Displaying CAPTCHA Codes on Other Websites

CAPTCHAs are designed to be easy for humans to solve, but very hard for computers to enter automatically. But that doesn't help if it's humans who are unwittingly solving the CAPTCHAs.

Cheaters and spammers have gotten around CAPTCHAs by passing the code to another website, where people enter the code to get access to some other feature. For example, the people think they're solving a puzzle or typing a code to get access to an (often pornographic) picture.

This is one reason why some CAPTCHAs expire so quickly. If a new CAPTCHA needs to be entered every few seconds, it reduces the odds that cheaters can trick someone into typing the response quickly enough.

Paying People to Crack CAPTCHAs

Some companies offer programs that allow cheaters to crack CAPTCHAs for $1 or less per crack. They work in a similar method to the trick above, but they pass the CAPTCHA codes to people working in sweat shops in third-world countries to solve. A fast-expiring CAPTCHA can also fight this kind of hack.

Exploiting Poorly-Coded CAPTCHAs

Some CAPTCHAs are not coded correctly, so that it's possible to guess the desired result from the code or to have the same CAPTCHA accepted over and over again. Luckily, companies can avoid this problem by using free and reliable CAPTCHA programs like Google's Recaptcha.


It would be great if we didn't have to jump through hoops to submit a simple entry form, but those hoops are actually there for our protection.

For example, Kmart had to suspend a big sweepstakes when hackers started winning all of their prizes. Which was fairly easy to do, since the sweepstakes didn't use CAPTCHAs.

Nowadays, it's pretty rare to find a giveaway that doesn't use some kind of protection, either through a CAPTCHA or through a different verification method.

The courts have found that circumventing CAPTCA violates the DMCA, making it illegal. You can read more about the issues involved in this Wired article: Is Breaking CAPTCHA a Crime?

But despite the illegality, as long as there's profit in circumventing CAPTCHAs, criminals will always look for new ways to crack them, while companies will try new methods to boost security.

Continue Reading...