Recently web infrastructure company Cloudflare announced that it decided to stop using reCAPTCHA from Google in favor of a different CAPTCHA provider. While the rationale for the decision was based on Google deciding to charge for the previously free service, Cloudflare, in a blog post to its customers, also acknowledged that it believes “visual (and audio) CAPTCHAs are an imperfect answer to a number of difficult problems.”
Imperfect? We’ve been saying—along with many others—that using a CAPTCHA approach is not only imperfect, it’s the wrong approach altogether to stopping malicious bots.
Aaron Malenfant, an engineering lead on Google’s CAPTCHA team, was quoted by several media outlets as saying that in five or so years, CAPTCHA challenges won’t be viable at all. We’d argue that they aren’t viable now, let alone years from now.
In my opinion, here’s why:
Machine learning is too advanced
In the early years of CAPTCHA challenges, simple images of text were enough to defeat most bots. But with the growing sophistication of artificial intelligence and machine learning, any test can be used to train software (in this case, bots) to solve the challenge. In fact, this isn’t a recent advance. Machine learning algorithms began getting better at solving CAPTCHAs than humans years ago.
In a recent article I read in The Verge sums it up quite nicely: “Machine learning is now about as good as humans at basic text, image, and voice recognition tasks … In fact, algorithms are probably better at it. We’re at a point where making it harder for software ends up making it too hard for many people.”

