Cloudflare the American web infrastructure and website security company that provides content delivery network services, DDoS mitigation, Internet security, and distributed domain name server services, wants to kill CAPTCHA. The company says that although CAPTCHAs strengthen the security of online services, they do so at a very real cost associated with them.
According to their research, it takes a user on average 32 seconds to complete a CAPTCHA challenge. There are 4.6 billion global Internet users and assuming that a typical Internet user sees approximately one CAPTCHA every 10 days, very simple back-of-the-envelope math equates to somewhere in the order of 500 human years wasted every single day. All for us to prove our humanity.
Thibault Meunier, research engineer at Cloudflare said in the blog post:
Today marks the beginning of the end for fire hydrants, crosswalks, and traffic lights on the Internet. Today, we are launching an experiment to end this madness. We want to get rid of CAPTCHAs completely. The idea is rather simple: a real human should be able to touch or look at their device to prove they are human, without revealing their identity. We want you to be able to prove that you are human without revealing which human you are! You may ask if this is even possible? And the answer is: Yes! We’re starting with trusted USB keys (like YubiKey) that have been around for a while, but increasingly phones and computers come equipped with this ability by default.
To replace CAPTCHA, Cloudflare has released Cryptographic Attestation of Personhood, which it says takes all of 5 seconds and requires at most three clicks to complete the authentication instead of the 32 seconds it takes for solving CAPTHCA and proving that you are indeed a human. Cloudflare is going to start with trusted security keys -- such as the YubiKey range, HyperFIDO keys, and Thetis FIDO U2F keys.
The company claims:
This challenge has been built with a user-first approach while maintaining a high level of security for accessing Internet properties sitting behind Cloudflare’s global network. We’re now in the process of augmenting our existing humanity challenge with the Cryptographic Attestation of Personhood. More importantly, this challenge protects users' privacy since the attestation is not uniquely linked to the user device. We want to know that you're human, but we're not interested in which human you are.
Cloudflare shifted from reCAPTCHA to hCAPTCHA last year when Google announced that they would start charging for reCAPTCHA. You can read more about the reasons for the change and the differences in both types of authentications on Cloudflare Blog at this link.
You can also try out the new CAPTCHA less authentication system at cloudflarechallenge.com. For a detailed read on the subject, click on the source link below. You can also give feedback to the company on this link.