Cloudflare, which we all know as a provider of DNS services or that company that tells you why the website you want to visit won’t load wants to substitute the “madness” of CAPTCHAs over the web with a completely new system.
If you don’t know what CAPTCHAs are, they are those tasks you require to perform when you try to log into a service. It then asks you to select pictures of things like fire hydrants, crosswalks, traffic lights, and so on to verify that you are human.
CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”.
Problem of CAPTCHA
The problem is, they add tons of friction to using the web and may sometimes be difficult to unravel – I’m pretty sure I’m not the sole one that angeringly failed a CAPTCHA with the reason of not noticing the amber of a traffic light in one of the images displayed.
From a blog post of Cloudfare, they stated it aims to purge CAPTCHAs totally by replacing them with a new method to verify that you are human by looking or touching a Device using a system called “Cryptographic Attestation of Personhood”.
Testing the New Feature:
Presently, it only gives access to a few numbers of USB Keys like YubuKeys, but it’s possible to test Cloudfare’s systems right now on the company’s official website.
I tested the new feature and it worked perfectly. What I did was click on the well-known “I am human (beta)” button on the website, then follow a couple of prompts to pick up my security key, then tap it. Then also give access to the website to detect the make and model of the key.
After I did this, the system granted me access. This process of verification took a couple of seconds and I need to admit that it had been very nice not to think of images of traffic lights and fire hydrants.
Additionally, the speed isn’t the only thing to be talked about but also, the major accessibility benefit. This new method allows visually disabled humans to complete human verification.
Company Statement:
Here’s what the company had to say of what’s going on behind the scenes to develop this new verification method:
The short version is that your device has an embedded secure module containing a unique secret sealed by your manufacturer. The security module is capable of proving it owns such a secret without revealing it. Cloudflare asks you for proof and checks that your manufacturer is legitimate.
While it’s all a fascinating idea, this may not be the ned of CAPTCHAs. It is almost certain that you won’t see the prompt on many websites, as Cloudfare says presently the new method is an experiment.
This is only available on a deficient basis in English-speaking regions. And, the current state supports a few sets of hardware namely: HyperFIDO keys, YubiKeys, and Thetis FIDO U2F keys.
Cloudflare guarantees they will consider adding other authenticators expeditiously as that would extend compatibility with phones. The company also suggests the likelihood of tapping a phone to the computers to pass a wireless signature using NFC.
Google will be able to consider both iPhones and Android phones as physical security keys. If Google and Apple decide to adopt Cloudflare’s new system, it could strikingly minimize the hindrance to using it.
What do you think about this new method of human verification adopted by Cloudflare to replace CAPTCHAs? Let us know in the comment section below.