Google’s CAPTCHA is not the most beloved tool on the Internet. It’s the bot detection system that makes us repeatedly select buses and traffic lights in web puzzles. Because it’s so tedious, one Internet giant, Cloudflare, claims to have a completely different alternative to do away with CAPTCHA.
This is not the first time Cloudflare has stood up to CAPTCHA. Last year we saw what hCAPTCHA looked like, an alternative that paid webmasters for users solving puzzles. Now they are looking to go further, with a system where there is nothing to solve and much less time is spent in the process.
Biometric or physical authentication to prove you are human
In a post on the company’s official blog, Cloudflare has described what their proposal is to do away with CAPTCHA. Instead of identifying items in images, they propose to use unique authentication keys such as security key fobs or biometric authentication. This is nothing new, although it is new to use it to verify that someone is human.
If we wanted to be identified on a web page as human, we would first have to press a button to start the process. Once pressed, we will be asked for a security system, which is usually a USB security keychain. We insert the key fob and this automatically confirms that we are human (or are we?). For this, the Cloudflare system finds the unique key of the USB security key fob and identifies the manufacturer of the USB security fob.
In the future, they express that this system could be improved using all kinds of security key fob brands (currently it works only with a few) and also other authentication systems such as fingerprint or facial recognition.
The system, although faster and more convenient than CAPTCHA, is not foolproof. The ultimate goal of CAPTCHA is to prevent bots from accessing web services. A security keychain allows Cloudflare to identify that there is a security keychain behind everything, but not necessarily that there is a human.
Nothing would prevent a bot farm from being equipped with dozens and dozens of security key fobs that automatically tell Cloudflare that they are legitimate users. Cloudflare indicates that the system can be made more advanced by asking for a fingerprint, as some USB security key fobs allow.
As with everything, it will succeed if other manufacturers and services bet on it. Perhaps the differentiating factor would be to see it compatible with iOS and Android. The two most popular mobile operating systems could become important authentication tools by making use of their biometric systems such as fingerprint recognition and facial recognition. Time will tell, for now, we have to continue to deal with buses, traffic lights, and crosswalks.