Google kills CAPTCHAs with new artificial intelligence system

The widespread use of CAPTCHAs — the term for those mashed-up letter sequences you must type to “prove you’re not a robot” — are not just annoying, they’re also increasingly useless. As Google explained last year, algorithms can now solve 99 percent of the CAPTCHAs out there, including Google’s own version of them.

The good news is that [company]Google[/company] is now offering websites a tool that will let them deep-six the traditional CAPTCHA method and replace it with a box that just asks the user to click a box in response to the usual “I am not a robot” prompt. It looks like this:

Google recaptcha

While checking the box might seem less secure than typing jumbled letters, the new process is actually powered by a sophisticated AI analysis that takes account of what the user does before during and after the click. As Google explained in a Wednesday blog post:

[D]istorted text, on its own, is no longer a dependable test.

To counter this, last year we developed an Advanced Risk Analysis backend for reCAPTCHA that actively considers a user’s entire engagement with the CAPTCHA—before, during, and after—to determine whether that user is a human.

The new system, which can already by found on a handful of websites including Snapchat is not entirely CAPTCHA-free, however. Google explains that in instances where its risk analysis is not confident that the user is human, the bad old CAPTCHA might make an appearance.

Fortunately, when the “type what you see” prompt does appear, it is likely to be less annoying. It might, for instance, ask users to type in the numbers of an address from one of the millions of images that Google has culled from its Street View project.

On mobile, the process is set to become more painless too. As this image shows, users may now be prompted to simply solve a basic puzzle through tapping:


More broadly, this new wave of post-CAPTCHA innovation came in response to artificial intelligence systems like IBM’s Watson, which are able to crack CAPTCHAs through brute force while using minimal amounts of data and compute power. (My colleague Signe Brewster has a more detailed overview of how a startup called Vicarious is doing so).