We Cracked AOL’s Text CAPTCHA
Despite this, some of the biggest companies on the internet still rely on them – for example, AOL. We noticed they were relying on a simple text CAPTCHA to guard their sign-up process and felt we needed to put it to the test.
Unsurprisingly, and like every other text CAPTCHA today, it failed to prevent automation.
AOL’s text CAPTCHA in action.
Why does this CAPTCHA, and many like it, fail to protect websites like AOL? It’s simple: because they’re so easily broken by anyone who is interested in doing so.
Simple thresholding algorithms can remove the background noise, and the cleaned-up text can then be run through an Optical Character Recognition (OCR) engine. By doing this, users with malicious intent can automate sign-ups and flood forums and websites with spam.
Once you run OCR over the image, you get something similar to the following image, from which you can simply select the text:
The software required to do all of this is easily available (we won’t be linking it here). For security purposes, this just isn’t acceptable.
If this sort of security is so unreliable, why then do websites, even some of the biggest in the world, still rely on it? It’s simple: for the last decade, there has never been a reliable CAPTCHA alternative that didn’t annoy users. FunCaptcha was born out of this necessity for innovation.
CAPTCHAs are solved almost 300,000,000 times daily. FunCaptcha streamlines this process for real humans without sacrificing security. For unreliable security assets to be phased out, large brands and companies must lead the way in advocating change, and FunCaptcha is the viable CAPTCHA alternative that can be that change.