High-Friction & Low Friction CAPTCHA
What types of CAPTCHA are there?
Today, there are two main types of CAPTCHAs:
- High-Friction CAPTCHA
- Low-friction CAPTCHA
If the user has to actively perform a task, this is referred to as a high-friction CAPTCHA due to the high-friction verification methods.
If the verification runs in the background and the user is not required to complete a task to prove that they are human, this is referred to as a low-friction CAPTCHA.
The term low-friction verification method is primarily aimed at the fact that the check to be completed does not directly represent any added value for the user. It is a hurdle that primarily costs time until the user can reach their actual destination.
Examples of high-friction CAPTCHA
| Art des CAPTCHA | Beispiel für die Aufgabe | Anbieter |
|---|---|---|
| Text-based CAPTCHA | Character recognition | Captcha.guru, CaptChair, Text Disguise, RainCaptcha, MTCaptcha |
| Image-based CAPTCHA | Image labeling task | Confident CAPTCHA, PhotoCaptcha, 2Captcha API, WebAppz, hCaptcha, ReCaptcha |
| Audio-based CAPTCHA | Input of letters heard | Datadome, Seznam Captcha |
| Mathematical or word-based CAPTCHA | Solving math problems, answering questions, completing sentences | VersCaptcha API |
| Game-based CAPTCHA | Assembling a puzzle piece into an apple picture where the piece is missing, rotating a picture | KeyCaptcha API, VouchSafe API, GeeTest CAPTCHA, Rotate Captcha |
| Social Media-based CAPTCHA | Sign-in via Google, LinkedIn, Facebook, Single-Sign-On (SSO) | |
| Payment-based CAPTCHA | Payment by means of cryptocurrency | Captcha Coin API |
| Telephone-based CAPTCHA | Sending a code | Ringcaptcha |
| Advertising-based CAPTCHA | Entering a text | Solve Media, Ericsson Captcha |
What is a low-friction CAPTCHA?
In view of the growing criticism of conventional CAPTCHAs, more user-friendly CAPTCHA solutions are increasingly being developed and made available. In some cases, these are methods that have been known for some time, but which in combination help to protect against bots.
Examples of low-friction CAPTCHA - frictionless verification
At best, frictionless verification procedures are invisible or imperceptible to real people, while it is difficult for bots to pass this check.
- User activities
- Proof of work
- Spam honeypots
- Lockout time / time blocks
- IP white list / blacklisting IPs
User activities
The user's movements on the website are tracked and analyzed. An attempt is made to identify whether the clicks and other user activities on the website correspond to human behavior or are more likely to be attributed to a bot.
Proof of Work
Proof of work is one or more calculation tasks that the client browser has to solve in the background so that the CAPTCHA check is passed. This check is usually not noticed by the user as they are busy with their actual task at the same time, such as filling out a registration form, composing a message, etc. This proof of work costs computing power. This proof of work costs computing power and time and therefore puts a damper on bot activities that are trimmed for efficiency.
Spam honeypots
This is a case for simple bots. Form fields that are invisible to the web user are built in so that they are not filled in by real people. In contrast, bots that are programmed to fill in all fields of a form are also lured into filling in these invisible input fields. This gives the bots away and prevents the data from being sent.
Lockout time / time locks
Bots can fill out forms many times faster than humans. In order to be able to send as many spam messages as possible, these bots are optimized accordingly. Time locks can be used to hinder this action. If a bot sends one or more requests to the web server or application faster than the specified time block, the bot is recognized and data acceptance is rejected. Human users of the website usually do not notice these time blocks, as they need longer to enter the data anyway. The use of a timer for completing a form can be a useful additional measure alongside other anti-bot defense methods.
IP White List / Blacklisting IPs
With IP White List, the captcha is completely invisible to users coming from Internet IP addresses that correspond to a defined IP whitelist. The opposite form - blacklisting IPs - is the creation of blacklists for IPs. Here, IPs from certain geographical regions are excluded or requests from these regions are heavily throttled or limited.
Media credits
| Image | Copyright | Author |
| ###IMAGE### | ###COPYRIGHT### | ###AUTHOR### |