1. Home

Discuss in my forum

Why CAPTCHAs Are So Hard to Enter

Understand the Methods Cheaters Use to Crack CAPTCHAs


Have you ever wondered why CAPTCHA codes are so hard to enter? Cheaters can use bots to enter sweepstakes for them or vote for their contest entries, exploiting code to enter more often than the rules allow. But don't CAPTCHA codes prevent bots from being used on sweepstakes forms?

Well, they're supposed to, but it's a game of cat and mouse; cheaters are always trying to crack CAPTCHAs, and companies are trying to strengthen their security to make them harder to get around (while still letting regular people enter).

Understanding the methods that spammers use to circumvent CAPTCHA sheds light on why those CAPTCHA codes are getting harder to enter.

1. Avoiding CAPTCHA with OCR

OCR, which stands for Optical Character Recognition, is a way for computers to identify text from images. If you want to scan a document into your computer and edit it like any of your electronic documents, you'll scan the image into the computer and then use OCR software to convert the image into text.

If you have a nice, clear text CAPTCHA, cheaters can use OCR software to break the code.

This is why so many CAPTCHA codes are blurry, have wavy lines behind them, turn the letters sideways, or otherwise make the text hard to read.

If you've ever tried to scan in any documents, you'll notice that while many words scan through without problems, any smears or smudges on the paper, or anything else that makes the text a little unclear, will cause the OCR software to make errors and confuse the words.

When CAPTCHA codes are hard to read, it increases the chance that cheaters' OCR software won't be able to break the code.

2. Displaying CAPTCHA Codes on Other Websites

CAPTCHAs are designed to be easy for humans to solve, but very hard for computers to enter automatically. But that doesn't help if it's humans who are unwittingly solving the CAPTCHAs.

Cheaters and spammers have gotten around CAPTCHAs by passing the code to another website, where people enter the code to get access to some other feature. For example, the people think they're solving a puzzle or typing a code to get access to an (often pornographic) picture.

This is one reason why some CAPTCHAs expire so quickly. If a new CAPTCHA needs to be entered every few seconds, it reduces the odds that cheaters can trick someone into typing the response quickly enough.

3. Paying People to Crack CAPTCHAs

Some companies offer programs that allow cheaters to crack CAPTCHAs for $1 or less per crack. They work in a similar method to the trick above, but they pass the CAPTCHA codes to people working in sweat shops in third-world countries to solve. A fast-expiring CAPTCHA can also fight this kind of crack.

4. Exploting Poorly-Coded CAPTCHAs

Some CAPTCHAs are not coded correctly, so that it's possible to guess the desired result from the code or to have the same CAPTCHA accepted over and over again. Luckily, sweepstakes companies can avoid this problem by using free CAPTCHA programs like Google's Recaptcha.

5. Conclusion

The courts have found that circumventing CAPTCA violates the DMCA, making it illegal. You can read more about the issues involved in this Wired article: Is Breaking CAPTCHA a Crime?

As long as there's profit in circumventing CAPTCHAs, criminals will always look for new ways to crack them, while companies will try new methods to boost security. If you're having trouble with specific sweepstakes, read How to Solve Tricky CAPTCHAs.

©2014 About.com. All rights reserved.