Cloudflare wants to save 500 years per day of humans trying to solve CAPTCHA by killing it

cloudflare logo

Cloudflare the American web infrastructure and website security company that provides content delivery network services, DDoS mitigation, Internet security, and distributed domain name server services, wants to kill CAPTCHA. The company says that although CAPTCHAs strengthen the security of online services, they do so at a very real cost associated with them.

According to their research, it takes a user on average 32 seconds to complete a CAPTCHA challenge. There are 4.6 billion global Internet users and assuming that a typical Internet user sees approximately one CAPTCHA every 10 days, very simple back-of-the-envelope math equates to somewhere in the order of 500 human years wasted every single day. All for us to prove our humanity.

Thibault Meunier, research engineer at Cloudflare said in the blog post:

Today marks the beginning of the end for fire hydrants, crosswalks, and traffic lights on the Internet. Today, we are launching an experiment to end this madness. We want to get rid of CAPTCHAs completely. The idea is rather simple: a real human should be able to touch or look at their device to prove they are human, without revealing their identity. We want you to be able to prove that you are human without revealing which human you are! You may ask if this is even possible? And the answer is: Yes! We’re starting with trusted USB keys (like YubiKey) that have been around for a while, but increasingly phones and computers come equipped with this ability by default.

types of hardware security keys
Hardware security keys

To replace CAPTCHA, Cloudflare has released Cryptographic Attestation of Personhood, which it says takes all of 5 seconds and requires at most three clicks to complete the authentication instead of the 32 seconds it takes for solving CAPTHCA and proving that you are indeed a human. Cloudflare is going to start with trusted security keys -- such as the YubiKey range, HyperFIDO keys, and Thetis FIDO U2F keys.

The company claims:

This challenge has been built with a user-first approach while maintaining a high level of security for accessing Internet properties sitting behind Cloudflare’s global network. We’re now in the process of augmenting our existing humanity challenge with the Cryptographic Attestation of Personhood. More importantly, this challenge protects users' privacy since the attestation is not uniquely linked to the user device. We want to know that you're human, but we're not interested in which human you are.

Cloudflare shifted from reCAPTCHA to hCAPTCHA last year when Google announced that they would start charging for reCAPTCHA. You can read more about the reasons for the change and the differences in both types of authentications on Cloudflare Blog at this link.

You can also try out the new CAPTCHA less authentication system at For a detailed read on the subject, click on the source link below. You can also give feedback to the company on this link.

Source: Cloudflare Blog via Zdnet

Report a problem with article
The Rust logo on a white and black background
Next Article

The low-level Rust programming language has just turned six years old

Jamo speaker
Previous Article

Save 58% off this Jamo I/O 3S 2-Way Bass Reflex Outdoor Stereo Speaker

Join the conversation!

Login or Sign Up to read and post a comment.

25 Comments - Add comment