views:

112

answers:

5

Can anyone tell me what does CAPTCHA do as far as security issue is concerned?Registration form of many sites have this field but how it works?

+7  A: 

Completely Automated Public Turing Test To Tell Computers and Humans Apart

It prevents hackers from posting forms using automatic scripts, by requiring the user to input data read from images which are difficult to read automatically. The text can also be in the form of a sound, as per @BeRecursive's comments See this site.

It is used for logins as well as on other data entry forms. Here on Stack Overflow, if you edit answers or questions a number of times, you will be prompted before further edits are accepted.

There are two main forms. One has a single combination of characters that the user has to enter, the other, such as on SO has two.

The CAPCHA with two words usually consists of a word known to the Web Application and a second word that it is trying to decipher. See this site (thanks @Piskvor) The first word is used for validating the user and the answers to the second word are compared to other users' answers for that word and in this way the probable meaning of the text is determined. This is performed as a public service to organisations such as Libraries and Public Archives that are scanning large numbers of historical documents. The Optical Character Recognition (OCR) is not perfect and sometimes the meaning cannot be determined. So the word is made available in the CAPTCHA of a participating website and the meaning is determined. This process has no affect on the user of the website as it is only the first word that is used to determine whether they are a robot.

Daniel Dyson
+1  A: 

CAPTCHA is just a riddle in the form of image or sound. "Stupid" bots can't solve the riddle and so they can't enter the correct answer to the riddle. If the correct answer is not entered, then there is no registration. Simple as that:)

Petar Minchev
Not always images! Could be sound!
BeRecursive
@BeRecursive Yeah, but I haven't seen this till now somewhere. It is too distracting for the user.
Petar Minchev
The point is that it's a turing test, not a 'riddle in the form of an image'
BeRecursive
The only purpose for putting sound is for blind users, I think.
Petar Minchev
CAPTCHA can be a mix of image and sound - this will usually happen on websites that have tried to be as accessible as possible - partially sighted users may have trouble with the image so therefore sound is provided - therefore Berecursive is correct from his first answer
PaulStack
I agree completely and have edited my answer.
Petar Minchev
Yet sound usually sounds so horrible not even sharp sounded people can actually understand what's being said. Usually things are read from the middle of a sentence somewhere.
Robert Koritnik
+1  A: 

it is an attempt to stop bots from registering on a site, it works by generating and image with text on it, the idea is that it very difficult (though apprently not impossible) to write a bot that can recognize the text within an image, this is also why the text is in wierd fonts (sometimes making it impossible for human, well me, to read!!)

here is a good link

Pharabus
+2  A: 

A CAPTCHA is a "Completely Automated Public Turing test to tell Computers and Humans Apart". This basically means it is a simple test that makes it easy for a programmer to tell if a user is a computer or a person. It is usually visual and it relies on the fact that object recognition (including characters) is in its infancy at the moment. Recognizing letters is trivial for a human, however.

This ensures that the only users who will be able to fill in the form are those that can easily identify the objects on the CAPTCHA, usually characters. This is generally used to prevent automated form filling by bots (and to prevent spam)

BeRecursive
+1  A: 

Its purpose is as a challenge-response test to demonstrate that the person using it is a human being and not an automated program. It doesn't really "secure" a website, it just makes it increasingly difficult for an automated system to access that functionality of the site. The idea is that some functions (such as posting a comment on a forum) should be done by real humans only and not automated processes.

This complexity can range wildly. There's the common "distorted text" CAPTCHA which requires the user to enter text displayed in an image designed to be difficult for a computer to read, but those are getting increasingly easier to beat with software. For accessibility purposes there are audio CAPTCHAs which play a short clip of a word and the user enters what they hear. I've even seen ones that ask simple questions that any reasonable person should be able to answer but may stump a computer that wasn't prepared for it. Some of my favorites are a matrix of pictures that say "click on the cat" or something else innocuous, which again a computer probably won't be able to do easily but a human would.

See Wikipedia: http://en.wikipedia.org/wiki/CAPTCHA

See Captcha.net: http://www.captcha.net/

David