Vancouver-based NuCaptcha Inc. has beefed up the security features of its Google ReCaptcha alternative on Thursday, calling for Web site owners to “make the switch” to its video-based CAPTCHA system.
The company, which offers a cloud-based replacement for Google’s CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart), said the major difference between Google’s technology and its flagship CAPTCHA system is the use of moving text against a moving pattern.
A CAPTCHA is typically a jumbled sequence of letters that a user must enter before accessing certain features on a site, usually signing up for an account or posting a comment.
Instead of streaming letters, the widely used Google ReCaptcha system offers users a static, “one-size fits all” box of blurry letters, said NuCaptcha CEO Ron Moravek. This negatively impacts the user experience, he added, as data shows that one in four people fail to solve a CAPTCHA puzzle and move on to another site.
NuCaptcha said that while making the experience significantly easier for users to get through is a top priority for the firm, increasing security for Web site owners is just as important.
As part of its latest update, NuCaptcha added a slew of security and customization features that it hopes will convince Web administrators to switch off of Google’s platform.
Christopher Bailey, co-founder and chief technology officer of NuCaptcha, said administrators will now be able to configure the strength of their CAPTCHAs, with the option to serve up a CAPTCHA with as few as three letters and as many as eight letters.
While NuCaptcha can be used free for sites serving less than 25,000 CAPTCHAs per month, one upgraded feature found in the paid enterprise version gives administrators expanded reporting options, SLAs and automated risk assessment capabilities.
“We’ve found there’s a very significant difference with how software interacts with a system versus how human farms or regular users do,” Bailey said. NuCaptcha’s technology, he said, creates a baseline of normal behaviour on how frequently IP addresses are solving CAPTCHA and uses that data to automatically modify CAPTCHA strength.
For example, a user that consistently fills out the CAPTCHAs at within a second or two might raise a warning sign.
On the customization front, NuCaptcha has also been upgraded to make things easier for design-conscious Web developers.
The company introduced a smaller version of its CAPTCHA that can be customized in “skinless” form. This lets developers seamlessly add a CAPTCHA into the theme of their page.
“They no longer have to be an eyesore,” Moravek said.
The company said its NuCaptcha’s technology, which is hosted on Amazon, is currently being used by over 5,000 Web sites.
Despite frustrations from some human users and a growing base of small firms looking to come up with alternatives for the technology, CAPTCHA puzzles appear to be here to stay, according Eve Maler, a principal analyst covering security and risk for Forrester Research Inc.
“I see CAPTCHAs more often reserved for enrollment time versus routine authentication into consumer-scale web apps, though it’s also used frequently by sites that allow one-time user access in lieu of registration for long-running account management,” she said. “For the purpose of distinguishing humans from bots, I haven’t seen other broad-based technology crop up.”