How Can You Use CAPTCHAs to Keep Your Website Secure?

A CAPTCHA is an automated test that challenges you with a problem that can only be solved by humans. It prevents bots from accessing systems and software by requiring, for example, a typed series of characters.

When To Use CAPTCHAs

If you’ve ever signed up for anything on the Internet, you’ve probably taken a CAPTCHA test. You were presented with a picture of distorted letters and numbers, and then a little field below that picture where you typed in the letters, numbers or characters that you saw. Or, you may have been presented with a bunch of photos and were asked to click the ones with an automobile. Perhaps you were asked to click a box that said, “I am not a robot.” These are all CAPTCHAs. Many websites use CAPTCHAs today as part of their initial registration process. Some even require them for every login.


To many, it’s just that annoying little box that comes up at the bottom of a registration form. It might be annoying, but it’s preventing bots (or computer robots) from getting into a system and causing havoc.

How Did CAPTCHAs Come About?

The story of how the CAPTCHA came about is fascinating. In the year 2000, everyone was signing up for free Yahoo email addresses. This was before Gmail, and many thought Yahoo email was great! You could use it anywhere and access your emails from wherever you had an internet connection.

But there was one problem…

And a computer science graduate student at Carnegie Mellon University in Pittsburgh, PA discovered it. His name is Luis von Ahn.

Luis explains the issue with the Yahoo email addresses:

“The problem was that there were people who, to send spam from Yahoo accounts, would obtain millions of fake email accounts.”

The spammers who were signing up for the fake email accounts weren’t going to the Yahoo site and signing up one by one. Instead, they were writing simple computer programs with little bots that kept filling out the Yahoo email signup form, again and again, 24/7. This generated an army of fake email accounts from which they could sell fake Viagra or steal bank account information.

Yahoo didn’t know what to do about this. But, Luis had an idea.

“The idea was…Can we make a test that will distinguish between humans and computers? But also a test that is graded by the computer?”

This is when Luis and his team, including Nicholas J. Hopper, John Langford, and Manuel Blum, came up with the CAPTCHA idea.

“We showed it to the chief scientist at Yahoo, and he loved it! And within a few weeks, it was being used by Yahoo.”

Luis gave his test a name. It was a long, ridiculous name that made a short acronym: “completely automated public Turing test to tell computers and humans apart” — CAPTCHA.

The Turing test was developed by Alan Turing in 1950 to test a machine’s ability to exhibit intelligent behavior equivalent to that of a human. It’s a test that you can use to tell if you’re communicating with a computer or a human being. If a machine can make you consistently think that you’re communicating with a human being, then it’s considered Artificial Intelligence (AI).

It worked for Yahoo, and the CAPTCHA became huge!

Why Are CAPTCHAs So Popular Now?

CAPTCHAs enhance security. Websites use the CAPTCHA to ensure only humans are accessing a site.

Online systems are regularly exposed to hacking. CAPTCHAs prevent what’s called quality of service (QoS) degradation by bots or other automated programs. Putting a CAPTCHA element on a registration form as a test before you can enter a website is another layer of security.

CAPTCHAs also prevent sites from being affected by brute-force hacking attempts. This is a trial-and-error method that hackers use to guess passwords or personal identification numbers (PINs). Brute-force attacks are generated by automated software. The CAPTCHA recognizes that the attempt to enter the site isn’t being made by a human, so it blocks access.
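As an added illustration of the brute-force point above (not code from the original article), this Python example requires a CAPTCHA after repeated failed logins and grades the typed answer on the server. The names issue_challenge, verify_challenge, login and check_password are hypothetical, and rendering the distorted image is left out.

```python
import hashlib, hmac, secrets, time

SECRET = secrets.token_bytes(32)  # server-side key, never sent to the browser
TTL = 120                         # seconds a challenge stays valid
MAX_FAILS = 3                     # failed logins allowed before a CAPTCHA is required
_used = set()                     # redeemed nonces (in-memory here; assumption: one process)
_fails = {}                       # username -> consecutive failed logins

def _mac(nonce, expires, answer):
    msg = f"{nonce}|{expires}|{answer.strip().lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_challenge(answer, now=None):
    """Token sent alongside the image; the answer is bound by the MAC, not disclosed."""
    now = time.time() if now is None else now
    nonce, expires = secrets.token_hex(8), int(now) + TTL
    return f"{nonce}.{expires}.{_mac(nonce, expires, answer)}"

def verify_challenge(token, typed, now=None):
    """Grade the typed answer: reject malformed, expired or already-used tokens."""
    now = time.time() if now is None else now
    try:
        nonce, expires, mac = token.split(".")
        expires = int(expires)
    except ValueError:
        return False
    if now > expires or nonce in _used:
        return False
    _used.add(nonce)  # single use, so one challenge allows one guess
    return hmac.compare_digest(mac.encode(), _mac(nonce, expires, typed).encode())

def login(user, password, check_password, token=None, typed=None):
    """Return 'ok', 'denied' or 'captcha_required'."""
    if _fails.get(user, 0) >= MAX_FAILS:
        if token is None or typed is None or not verify_challenge(token, typed):
            return "captcha_required"
    if check_password(user, password):
        _fails.pop(user, None)
        return "ok"
    _fails[user] = _fails.get(user, 0) + 1
    return "denied"
```

Once an account reaches the failure limit, even the correct password is refused until a fresh challenge is solved, which is what slows automated guessing.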

A CAPTCHA is easy for humans to figure out, but difficult for automated software to pass. CAPTCHAs are also simple for web developers to implement. They just need to decide if the annoyance for people who want to access their system is worth the added security. It is if you want to protect your customers’ confidential data and to keep your website secure.

How Else Can We Protect Our Website From Hackers & Bots?

Along with CAPTCHA elements, there are 5 effective tactics to keep your website secure and protected from brute-force attacks.

  1. Use HTTPS Instead Of HTTP: HTTPS (Hypertext Transfer Protocol Secure) is like putting a secure padlock on your website. It keeps website communications secure. Before now it was only necessary for things like payment sites or other websites that held sensitive data. Today, it’s critical for any website to use HTTPS in the URL. Plus, HTTPS sites rank higher on Google than HTTP websites. Google will mark your site as not secure if you use HTTP. You’ll need an SSL Certificate to obtain HTTPS security for your site. SSL protects sensitive data going to and from your website. It encrypts the connection and helps protect your visitors’ data from being obtained by hackers. HTTPS provides safety for all of your subdomains as well.
  2. Update Your Website Software: You may use WordPress or other versions of website development software. Just make sure you are always using the latest version. And be sure to watch for security patches that the website software developer sends out and apply them immediately. If you don’t, your website software will be vulnerable to hacking. If you aren’t technically savvy, ask your technology service provider for help with this.
  3. Use A Web Application Firewall (WAF): Just like you use anti-virus software for your computers, you need something similar for your website. This is called a WAF. It will continually scan your site and monitor traffic for known cyber threats. Some also eliminate the threats. They are inexpensive and definitely worth using. If you need help finding the right one for your website, contact your IT service company.
  4. Back Up Your Data: Just like you back up the documents, files and other IT assets in your network, you should back up the content of your website. If a hacker gets in, you can always recover your data. It’s best to ask your technology service provider to help you find the right enterprise cloud-based backup solution for your purposes. Make sure it’s automated, set to back up every night and regularly tested for recoverability. If your website data is safely stored, the chances are you can recover it.
  5. Don’t Use The Same Or Easy-To-Guess Passwords: You need passwords for Content Management Systems, databases, FTP (File Transfer Protocol) accounts, emails, etc. Just like with all of the other passwords you use, make sure they are long and complex, and that you change them frequently. Password management software can help you do this.

In Conclusion…

CAPTCHAs and other forms of website security are a must to protect the integrity of your websites.
