Wherever we go on the internet, we encounter CAPTCHAs, those twisted words that block or enable entries on websites. Need to post an ad on Craigslist or log into your email from a new device? You may meet a CAPTCHA. Want to comment on an article or blog post? CAPTCHA.

So, why do we have them?

How do CAPTCHAs work?

CAPTCHAs were invented to block spamming machines from posting wherever they want. In order to keep out spammers, a CAPTCHA has to effectively test if you are human or machine. Computer scientists figured out that one of the easiest ways to do that is to use images of language. In order to deceive spammers, the images of language take randomly generated text and manipulate the image, so that a human can read it with some effort, but a computer trying to take a picture of it cannot.

Even though we read words on the internet, the internet and computers are not made of words. So, CAPTCHAs take advantage of the uniquely human ability to see letters that have been stretched or manipulated and still be able to decipher which letters they are.

Why are they called CAPTCHAs?

The term CAPTCHA was first used by computer scientists at Carnegie Mellon University in the early 2000s. CAPTCHA is actually an acronym that stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.” That’s a mouthful.

It’s also a pretty straight-forward title, except for the Turing test part. What exactly is a Turing test? Alan Turing (1912–54) was an influential, English computer theorist who invented his namesake, the Turing test, which humans use to see if a machine can converse like a human being. A CAPTCHA is actually an inverted Turing test whereby a machine tests to see if you are human or not, but the core principle remains.

As technology has evolved (including the sophistication of malicious threats), CAPTCHAs have become increasingly sophisticated, incorporating images. To verify identity, users might have to select, as one instance, all pictures in a set that include a school bus or the color orange. Two-step or two-factor authentication (e.g., entering a one-time code sent to your phone that you use to log on a computer) has also become an increasingly common verification method.

Do you think the bots will capture these next steps in CAPTCHA tech?