(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)
Delivery network services (DNS) provider Cloudflare said it wants to replace CAPTCHA with a new security system after the company’s analysis revealed that time equal to 500 years is wasted on CAPTCHA every day.
CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart, a way for online services to separate humans from bots. CAPTCHAs might include asking the user to tap the correct box with pictures of fire hydrants, crosswalks, traffic lights and so on.
The method can be frustrating at times as the user might not see the corner picture with a small part of traffic light on it.
“A real human should be able to touch or look at their device to prove they are human, without revealing their identity,” Cloudflare said in a blog post. “We want you to be able to prove that you are human without revealing which human you are.”
Cloudflare is introducing a new system called Cryptographic Attestation of Personhood. When challenged on a website, the user clicks on ‘I am human’ and is then prompted to use a security device to prove themselves. A hardware security key is sent to their computer or tapped on their mobile phone for wireless signature using NFC. A cryptographic attestation is then sent to the website upon verification of the test.
The company said that completing the process takes three clicks and about five seconds as compared with CAPTCHA’s average of 32 seconds.
Cloudflare noted that the challenge protects users’ privacy since the attestation is not uniquely linked to the user device. However, it added that the initial rollout is limited to a few devices such as YubiKeys, HyperFIDO keys; and Thetis FIDO U2F keys.
