What are Captcha and ReCaptcha?

With hacking attacks going to the next level, most websites have become more vigilant to shield every possible cyber-attack. Captcha is something that has been around for some time now and several top websites incorporate captcha. Captcha is a challenge-response test provided over the website. This is used to determine if the user is a human or an automated bot. Captcha was first formed in 1997 and was officially introduced in 2003 by John Langford, Nicholas Hopper, Luis von Ahn, and Manuel Blum.

What is Captcha?

A typical captcha text contains distorted alphabets or alphanumeric characters. This needs to be entered by the user in a text box to get validated. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Human Apart.

Websites implement Captcha to prevent spam. Spammers target websites to submit spam data to sabotage the target and hopes to bring traffic back to their server. In most cases, spams result in a denial of service DOS attack which can bring down the complete application or website.

To avoid this, websites introduce Captcha which makes it difficult for an automated process to run or log in to the website. The distorted letters are human-readable and can prevent automated bots from spamming.

Advantages and Disadvantages of Captcha

Few of the advantages of Captcha are:

• Increases security
• Reduces spams
• Blocks automated increased usage of services
• Makes online activity safer
• Differentiates human and computers

Few disadvantages of Captcha are:

• Fails in certain browsers
• At times is difficult to read
• Challenging for people with certain disabilities
• Time-consuming
• Not guaranteed to be full proof

Captcha is an added security feature and is a good feature to be incorporated in your website that requires additional security. In most cases, online portals for sign up to any services or online payment websites use captcha.

Captcha has few downsides, which may result in the loss of users. A better implementation of Captcha is ReCaptcha. Common types of Captcha include:

• Simple Captcha text which is easy to read
• Distorted letters with a mix of small and Capital alphabets
• Distorted letters with alphabets and numbers
• Maths problems with the addition of two numbers. E.g.: 2+8
• Image-based Captcha. E.g.: Select all images with a car

ReCaptcha: ReCaptcha is currently the most widely used implementation of Captcha. This was acquired by Google in 2009. This assists in digitization of books. ReCaptcha was used to completely digitize archives of the New York Times along with several other Google books.

Apart from the digitization of books, it has also been used to translate books in a different language and scan illegible books. Very recently, ReCaptcha started a No Captcha which reduces the number of times captcha will be displayed on a user's screen. To do this, the user's browser activity is analyzed to determine if it's a bot. This simply shows a checkbox showing "I am not a robot".

ReCaptcha is easily readable for humans and is difficult for bots. ReCaptcha has 2 versions:

• ReCaptcha v2
• ReCaptcha v3

ReCaptcha v1 has been officially shutdown by Google on March 2018.

• ReCaptcha v2 – Android: This is an android library which is a part of Google Play services Safety Net API and can be directly implemented within the app. To invoke the ReCaptcha API, the user would require Google Play services on the app and should be able to connect GoogleAPIClient. With this either it will not ask for Captcha and let the user use the services or challenge the user to validate that it is a human.
• ReCaptcha v2 – Invisible ReCaptcha: Here the invisible ReCaptcha is basically invoked by an embedded JavaScript and the user does not require to explicitly click on a checkbox. Only suspicious traffic will require to be validated using complete captcha.
• ReCaptcha v2 – I am not a robot: Here the user would be shown an "I am not a Robot" checkbox. This will be shown for non-suspicious traffic. In other cases, the complete captcha will be displayed where the user will have to get validated to prove it’s not a bot.
• ReCaptcha v3 – This does not require any user intervention. This contains a JavaScript which runs in the background and returns a score. This score lets the website implement additional action such as additional authentication or bypass captcha.

How to implement ReCaptcha

ReCaptcha can be implemented by anyone easily. To implement this, you can visit the official ReCaptcha website. Here you can provide details of your domain and the ReCaptcha version.

Once you fill all the details you can submit. Once you submit, you will receive a site key and a secret key. As a next step, you can add the ReCaptcha script.

A sample code is as shown below:

<html>
  <head>
    <title>ReCaptcha Sample page</title>
     <script src="https://www.google.com/reCAPTCHA/api.js" async defer></script>
  </head>
  <body>
    <form action="Your action" method="POST">
     <div class="g-reCAPTCHA" data-sitekey="add the site key here"></div>
      <br/>
      <input type="submit" value="Submit">
    </form>
  </body>
</html>

While this is a complete form, all you need to add is a script tag for the ReCaptcha API and a snippet to add the site key.

<script src='https://www.google.com/recaptcha/api.js'></script>
<div data-sitekey="Add your site key here"></div>