

Sam Crowther, Founder and CEO, Kasada talks about the significance of overcoming CAPTCHA Technology’s Challenges for effective cybersecurity and stopping bot attacks

Two of the most common questions I receive when talking about cybersecurity with friends and family who are not in the industry are “Can (insert technology, utility, or site here) be hacked?” and “How can bots get by a CAPTCHA?” My answers are always the same: anything that was built or engineered can be deconstructed or reverse engineered when there’s the correct motivation to do so. It can even be done to technologies that serve up random pictures of crosswalks or taxis and ask you to click the correct boxes. This got me thinking a bit about the reliance of online businesses on various forms and generations of CAPTCHA technologies. Why do so many businesses still rely on CAPTCHA as a security tool? It’s been shown, again and again, that these tools are nothing more than speed bumps for motivated attackers.

Back when malicious bots were most often spam bots, CAPTCHAs were designed to prevent them from succeeding and using a business’ website to spread spam messages. But then came motivated adversaries, CAPTCHA farms, and smarter AI. It didn’t take long for CAPTCHA challenges to become ineffective at stopping automation. Today, bots are behind automated attacks that steal information, scrape prices, commit fraud, block legitimate customers from using your site, and more. Bot operators use the latest technologies to build workarounds and appear human to a website. CAPTCHAs are nothing more than the security equivalent of plausible deniability. What online businesses don’t know, can’t hurt them.

That’s exactly what the problem is with CAPTCHAs, however. As an online business, you have no visibility into what bots or attacks have been stopped with CAPTCHAs and which have gotten through.

CAPTCHAs slow down very few attackers in reality, but one thing they are successful at is frustrating paying customers. By accepting the technology as the de-facto approach to stopping bots, you can look the other way and assume that it’s working. Customers look for a frictionless user experience, one that’s secure and efficient without delaying them from successfully completing a login, a signup or a transaction. CAPTCHAs are not efficient and can delay a transaction, often leading to either dropped customers, or customers that won’t return due to their dissatisfaction with the site.
