What is a ‘CAPTCHA’ Test? How do CAPTCHAs Work?

How many times do you see a small box with random twisted letters usually during registration or while leaving a comment? Countless, isn’t it? You may or may not know the name, but you must be familiar with it if you are a regular internet user.

Yes, I’m talking about a CAPTCHA box, and we all have filled it at some point. But do you know what a CAPTCHA is and why it is so important to undergo a CAPTCHA test when trawling the Internet?


CAPTCHA is an abbreviation for Completely Automated Public Turing test to distinguish between machine and humans input. It is a human response test to inform computers that a human being is communicating with them.

Generally, it checks whether you are a robot or a human being. The most common type of CAPTCHA is an image of several randomly distorted letters or numbers. The purpose of a CAPTCHA is to prevent hackers and spammers from employing auto-filling software programs on websites.

In this article, we will discuss in detail about CAPTCHA test, how it works and why do we need CAPTCHAs.

Let’s begin.

What is a CAPTCHA Test?

A CAPTCHA is a kind of challenge-response test used to determine whether or not the user is a human being. The website presents you a question or challenge in the form of CAPTCHA.

You as a user must provide a valid response for authentication.

You can see it as a short online typing test that is easy for humans to pass but difficult for robotic software programs to complete. Hence, the test’s actual name is Completely Automated Public Turing test.

An average person can solve a typical CAPTCHA in approximately 10 seconds.

Why do we need CAPTCHAs?

CAPTCHAs deter bots from overrunning sites with spam, fraudulent registrations, fake sweepstakes entries, and other evil things.

These distorted images can be understood only by humans and not computer generated programs. Hence, bots cannot navigate sites protected by CAPTCHA.

Websites utilise CAPTCHA to prevent quality of service (QoS) degradation. Mostly, free online services should be protected with a CAPTCHA to prevent abuse by automated programs.

CAPTCHAs have various applications for security, including but not limited to the following:

Prevent spam comments

Some Web pages allow visitors to either post comments to the site or send them directly to the Web administrators. Many spammers bombard comment sections with links and bogus comments to increase search engine rankings.

That’s why almost all sites have a CAPTCHA program to filter out the noise.  By using a CAPTCHA, only humans can leave comments and users don’t have to sign in beforehand to leave a comment.

Protect annonymous registrations to a website

Registration forms on Web sites commonly apply CAPTCHAs. Free Web-based e-mail services like Gmail allow users to create an e-mail account free of cost.

Usually, users have to enter some personal information when creating an account, but these services typically do not verify this information.

They use CAPTCHAs to try to prevent spammers from using bots to generate hundreds of spam mail accounts.

These bots can be part of a broader attempt to send out spam mail to millions of people.

Protect email addresses from scrapers

Spammers crawl the internet in quest of email addresses posted in clear text. In this case, CAPTCHAs provide an effective mechanism to save your email address from Web scrapers.

So, other users have to solve a CAPTCHA before they see your email address.

Genuine online polls

Can you trust the result of an online poll? No, unless it ensures that only humans can vote. Sometimes people will use programs to stuff online polls in favour of a particular choice.

Usually, IP addresses are recorded to check that people do not vote more than once, but with the application of bots, one can circumvent this policy. It makes it hard to trust online polls if CAPTCHA codes are not involved indeed.

Prevent dictionary attacks

CAPTCHAs are also efficient in preventing dictionary attacks in password systems. Dictionary attacks refer to attacks in which a computer goes through every word in a dictionary to obtain access to someone’s password and account.

CAPTCHAs prevent this by requiring the computer (or person) to solve a CAPTCHA after a certain amount of unsuccessful logins.

It is better than the classic approach of locking an account after a sequence of unsuccessful logins since doing so allows an attacker to close accounts at will.

How do CAPTCHAs work?

The idea of CAPTCHA comes from the Turing test. A Turing test is a method to test a machine’s ability to exhibit intelligent behaviour equivalent to that of a human being.

A CAPTCHA is a reverse Turing test whereby a machine tests to see if you are human or not, but the core principle remains.

The scheme is simple. CAPTCHAs work by telling you to type some scrambled letters or numbers that a robot would be hard-pressed to comprehend.

It applies the issue of computers not being able to think abstractly and see the world the way human beings do. While humans are sophisticated with processing visual data, bots lack those skills.

If you find a specific CAPTCHA image challenging to read, you can use try another option to request a new test. After you submit the answer CAPTCHA authenticates the answer.

What are some common types of CAPTCHAs?

The most common form of CAPTCHA is the text-based CAPTCHA, in which you see a distorted string of alphanumeric characters in an image.

Text CAPTCHAS are also rendered as audio recordings to meet the needs of the visually impaired.

Another commonly used type is the Picture recognition CAPTCHAs in which you need to identify a subset of images within a broader set of images.

For instance, you may be given a set of pictures and asked to select the ones that have cars in them.

Math CAPTCHAs asking to solve a fundamental math problem, or 3D Super CAPTHAs requiring a user to identify an image rendered in 3D are also some of the alternatives available today.

What is reCAPTCHA?

reCAPTCHA, developed by Google is the next evolution of CAPTCHA technology. It uses an advanced risk analysis engine and adaptive CAPTCHAs to keep automated software from engaging in abusive activities on your site.

reCAPTCHA offers more than just spam protection. Every time CAPTCHAs are solved, that human effort helps digitise text, annotate images, and build machine learning datasets.

Are CAPTCHAs always successful? – Issues with CAPTCHA

CAPTCHA can be annoying at times. Typing some weirdly shaped letters or solving any other types of challenges over and over is merely irritating.

However, Security and accessibility are the two main issues that a CAPTCHA must satisfy.


Secure CAPTCHA code is hard to build, and there needs to ensure that the CAPTCHA cannot be worked around by scripting or some program code.

If too many sites start using a specific type of CAPTCHA, it can cause the system to become insecure and no longer valid.

Puzzles that usually ask text-based questions are an example of this, and they look easy to circumvent if you can program a bot to learn the answer.


The issue of accessibility is a big challenge because CAPTCHA uses images which are undoubtedly difficult for physically disabled users. The most effective way around it is to allow a person to opt for an audio-based CAPTCHA.

Some CAPTCHA images may use text that is entirely undistorted or has only minor distortions. It will not deter bots from accessing protected resources because it is like reading a standard text, something a bot can easily do.

Sometimes the characters are so distorted that even if you have excellent vision, you cannot recognise them.


Final thoughts on CAPTCHA test

CAPTCHA tests effectively block most simple automated attacks, which is why they are so prevalent. They are not without their flaws, however, including a tendency to confuse people who have to answer them.

As the CAPTCHAs are evolving in nature and form, a new generation of bots is also coming up. Also, the more sophisticated algorithms you use to protect your website from these bots, the wiser they become.

But does it mean CAPTCHA is wholly unuseful and only annoys users? No, the idea is still quite good as even simple CAPTCHAs represent a significant barrier for most primitive bots.

So next time you encounter a CAPTCHA, and you are scratching your head, remember that they may be confusing bits of text, but they also protect your information and defeat bots.

As for CAPTCHA designers, they have to walk a fine line. As computers are becoming more sophisticated, the testing method must also evolve. But if the test develops to the point where humans can no longer solve a CAPTCHA with a decent success rate, the system as a whole fails.


You May Also Like

Private Browsing – Do You Know How to be Secure While Browsing?

‘Private Browsing' is a unique optional feature built into web browsers, that makes sure Browsing History is not stored and Cookies are not saved. Once enabled, this ensures that one does not leave any trace with the browser.

Best Anti Malware – A Comprehensive Study With Guidelines

Malwarebytes, Kaspersky, Bitdefender, Eset, etc. are some of the popular anti-malware applications which offer all-round protection to your system and secure your data from any malware attacks

Free Antivirus for Android phones – A Quick Guide

AVL, AVG, Avast are some of the free antivirus softwares for Android devices. They can be installed to keep your mobiles secure.

What is Computer Virus? How do Viruses Spread?

A virus is a piece of malicious code that interferes with the normal functioning of a system and damages the way it operates. It is self-replicating in nature and copies itself or attaches itself to other legitimate programs and runs when that program runs.

Port Knocking and Security. How Are They Synonymous?

Port knocking is an authentication technique used to open closed ports which are behind a firewall. It is mainly used to prevent hackers from doing a port scan and is one of the security measures a network administrator takes to secure the network.

More Articles Like This