Use It Better: Eight Alternatives to the Hated Captcha

Programmers hope that humans can jump through these hoops better than bots

Join Our Community of Science Lovers!

Captchas are those annoying "What does this garbled text say?" puzzles that you have to solve before you're allowed to sign up for something online. (Read more about Captchas in March's Scientific American.) They’re designed to thwart spammers whose automated software bots would otherwise pollute the Web site with phony sign-ups.

But Captchas are sometimes so difficult that even humans can't solve them. And although they're no longer sufficient to stop spammers' increasingly sophisticated bots, they're 100 percent effective in keeping out blind people.

Various people have come up with alternatives to the hated Captcha. Each has its charms—and its drawbacks. For example:

On supporting science journalism

If you're enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.

Task Puzzles, Image Puzzles
In a world of tablets and touch-screen phones, a typing puzzle is extra clumsy. In a task puzzle, you're asked to do something, like "Tap here if you're human." In theory, a software bot can't do that. Unfortunately, non-English speakers won't know how to respond, either.

Some sites now offer image puzzles: "Draw a circle around the photo of a lighthouse." Great—unless you're blind.

The Audio Captcha
You hear a garbled, scratchy recording of someone saying a word, and you're supposed to type in what it says. But the same problems apply: sometimes it's hard for even a human to understand the word, and of course deaf people are left out.

The Math Puzzle
Instead of trying to interpret a garbled-looking word, you're asked to solve a simple math problem like "What's 3 + 3?" Both blind people and seeing people could solve this one.

The trick here, of course, is finding puzzles that are simple enough for everyone to solve, regardless of education level—and still hard enough to stop automated software bots. "What's 3 + 3?" won't stop many determined spammer bots.

The Trivia Puzzle
Another proposal: Ask a pitifully easy question like, "What color is the sky?" This kind of blockade is great if you're an English speaker and a perfect speller. Otherwise, it might keep out innocent bystanders as well as bots.

Text-Message Verification
When you try to sign up for a Google Voice account, you're asked for your cell phone number. When you click "Connect," your phone dings, and you're asked to type in a two-digit code that the Web site is displaying. Fast, easy and foolproof—unless, of course, you don't have a cell phone or you're blind or you don't live in the United States.

The Confirmation-Page Trick
Once you've filled in your sign-up information, you click "Okay"—and you arrive at a final confirmation page, where a message says, "Click 'Confirm' if this information is correct." This non-puzzle puzzle works very well, because software bots aren't expecting the additional step. Unfortunately, if yours is a popular site (such as Yahoo or Google), it won't take long for the spammers to catch on.

The Timing Trick
If you're a real person, it might take you a couple of minutes to fill in the fields of a Web form; if you're a software bot, you can fill it in instantly. A Web site's code can measure the time it takes you to fill in the form, and gauge your humanness that way.

Unless, of course, you use a Web browser (such as Safari or Firefox) that offers a one-click "Fill in my standard information button," which would make the site conclude that you, in fact, are a software bot.

The Hidden-Field Scam
The Web site's creator makes a tempting-sounding text box labeled something like "E-mail address"—and then makes it invisible, using CSS (cascading style sheets) coding. Humans will never see that box, and will leave it empty; software bots will fill it in.

This solution, too, isn't perfect, because those auto-fill features like Safari's will still fill in the invisible box, and not everyone has CSS turned on.

The bottom line: We can all agree that Captchas are horrible, but we can't agree on a perfect solution. But if you're a Web-site owner, consider this: the spammers don't have much interest in you unless you're a major site. If you're a relatively small site, you can probably get away with using one of the easier blockades described here or an automated spam-blocking trick (www.sitepoint.com/captcha-alternatives)—or none at all.

It’s Time to Stand Up for Science

If you enjoyed this article, I’d like to ask for your support. Scientific American has served as an advocate for science and industry for 180 years, and right now may be the most critical moment in that two-century history.

I’ve been a Scientific American subscriber since I was 12 years old, and it helped shape the way I look at the world. SciAm always educates and delights me, and inspires a sense of awe for our vast, beautiful universe. I hope it does that for you, too.

If you subscribe to Scientific American, you help ensure that our coverage is centered on meaningful research and discovery; that we have the resources to report on the decisions that threaten labs across the U.S.; and that we support both budding and working scientists at a time when the value of science itself too often goes unrecognized.

In return, you get essential news, captivating podcasts, brilliant infographics, can't-miss newsletters, must-watch videos, challenging games, and the science world's best writing and reporting. You can even gift someone a subscription.

There has never been a more important time for us to stand up and show why science matters. I hope you’ll support us in that mission.

Thank you,

David M. Ewalt, Editor in Chief, Scientific American