Cloudflare, an online DNS provider, is looking for a way to eliminate CAPTCHAs entirely. The alternative—USB security keys that are typically used in 2-factor hardware authentication.
CAPTCHAs Waste 500 Human Years Every Day
In a post on The Cloudflare Blog, the company states that it takes users an average of 32 seconds to solve a CAPTCHA. Now, assuming that a user sees a CAPTCHA once every 10 days, this translates into about 500 human years wasted everyday on CAPTCHAs. The number of internet users is 4.6 billion.
Cloudflare believes that the alternatives to this "madness" are hardware security keys. The company refers to this as "Cryptographic Attestation of Personhood."
The process of proving humanity using Cryptographic Attestation of Personhood works as follows—Cloudflare serves up a challenge, the user selects I am Human and is then prompted to insert a security device. The Hardware Security Device can either be directly plugged into the computer or tapped to a user's phone for verification using NFC.
According to Cloudflare, the whole process takes about 5 seconds, saving users a lot of time. Additionally, there are "at most three clicks required to complete a Cryptographic Attestation of Personhood."
Humanity wastes about 500 years per day on CAPTCHAs. It’s time to end this madness. https://t.co/k8acSt2vPT
— Cloudflare (@Cloudflare) May 13, 2021
Cloudflare also presented an elevator pitch for its CAPTCHA killer:
The short version is that your device has an embedded secure module containing a unique secret sealed by your manufacturer. The security module is capable of proving it owns such a secret without revealing it. Cloudflare asks you for proof and checks that your manufacturer is legitimate.
Cloudflare's experimental new method also eliminates looping since users are not required to click on specific objects many times in a row.
Why Cloudflare Wants to Get Rid of CAPTCHAS
Cloudflare's blog post highlights various reasons why CAPTCHAs aren't the most efficient ways to prove personhood on the internet.
The most glaring reason, according to the company, is productivity. A lot of time is lost when figuring out how to solve these challenges. Time that could be better spent on focusing on the task at hand.
Another major reason is the that not all people have the cultural knowledge required to solve CAPTCHAs. To expand on this point, Cloudflare says:
The people on the planet who have seen a US fire hydrant are in the minority, as are the number who speak English. Cabs are yellow in New York City, and black in London — heck, ‘cabs’ are only cabs in a few places, and ‘taxis’ everywhere else!
CAPTCHAs aren't very accessible either. As Cloudflare states, it is impossible for people with visual disabilities to solve certain CAPTCHAs on the internet.
Lastly, solving CAPTCHAs on mobile devices can be a hassle. It also puts unnecessary strain on the device's battery and data usage.
While Cloudflare has put up a strong argument, traditional CAPTCHAs won't be going away anytime soon. Cloudflare's method is still in its experimental stage and there are very few websites that are actually using it.
){kind=link}