Benostech
    Facebook Twitter Instagram
    Benostech
    • Home
    • How to Tech
    • Software
    • Blog
    • Scholarships
    • Contact Us
    Facebook Twitter Instagram
    Benostech
    Home»Blog»Just In: Cloudflare says it’s time to end CAPTCHA ‘madness’, launches new security key
    Blog

    Just In: Cloudflare says it’s time to end CAPTCHA ‘madness’, launches new security key

    Amara Julliet OttiBy Amara Julliet OttiMay 23, 2021No Comments4 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr Email
    Just In: Cloudflare says it’s time to end CAPTCHA ‘madness’, launches new security key
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Cloudflare, which you may know as a DNS service provider or the company that tells you why the website you clicked on won’t load, wants to replace the “craziness” of CAPTCHAs with an entirely new system.

    CAPTCHAs are those tests you have to take, usually, when attempting to log into a service, that asks you to click images of things like buses, crosswalks, or bicycles to prove that you’re human.

    (CAPTCHA stands for “Completely Automated Public Turing Test to Tell Computers and Humans Apart,” in case you didn’t know.) The problem is that they add a lot of friction to web use and can be difficult to solve at times — I’m sure I’m not the only person who has frustratingly failed a CAPTCHA because I didn’t see that corner of a crosswalk in one image.

    READ ALSO: Check Out Amazon Fire HD 8 Plus Price, Specs and Best Deals

    Cloudflare says in a blog post that it wants to “get rid of CAPTCHAs completely” by replacing them with a new way to prove you are a human by touching or looking at a device, which it calls “Cryptographic Attestation of Personhood.” It currently only supports a limited number of USB security keys such as YubiKeys, but you can test Cloudflare’s system on the company’s website right now.

    Here’s the company’s “elevator pitch” for what’s going on behind the scenes to prove you’re a human using its new method:

    The short version is that your device has an embedded secure module that contains a unique secret that your manufacturer has sealed. The security module is capable of demonstrating ownership of such a secret without revealing it. Cloudflare requests proof and verifies that your manufacturer is legitimate.

    See also  Why is God of War not working on my device? Ppsspp

    A much more detailed explanation can be found on the company’s blog.

    While it’s an intriguing concept, it’s possible that CAPTCHAs as we know them will not be phased out anytime soon. For one thing, you won’t see the prompt everywhere, as Cloudflare describes it as an experiment that is currently available “on a limited basis in English-speaking regions.” In its current state, it only supports a small set of hardware: YubiKeys, HyperFIDO keys, and Thetis FIDO U2F keys.

    Cloudflare promises to “look into adding additional authenticators as soon as possible.” This could potentially extend to your phone: Cloudflare suggests tapping a phone to their computer to send a wireless signature via NFC. Google can now treat both iPhones and Android phones as physical security keys; if Google and Apple adopted Cloudflare’s method, it could significantly lower the barrier to use, as smartphones are far more common than security keys.

    According to one critic, Cloudflare’s system may actually be a worse solution. As Ackermann Yuriy (CEO of consulting firm Webauthn Works) points out, “attestation does not prove anything but the device model,” which means it does not prove whether or not someone using a device for authentication is, in fact, a human.

     

    In its own blog, Cloudflare essentially admits this, stating that a drinking bird (those bird toys that repeatedly dip their beaks into water) could press a touch sensor on a security key, thereby passing the authentication test. If the goal of CAPTCHAs is to keep bot farms from taking over websites, we may need to consider whether bot farms equipped with jury-rigged security key devices (or worse) will take advantage.

    See also  Vodafone wins Ethiopian telecom license, MTN disappointed

    Cloudflare isn’t always associated with CAPTCHAs positively; for example, in April 2020, the company switched from Google’s reCAPTCHA to a service from the captcha, and some weren’t pleased:

    CAPTCHAs also assume that website owners want to allow relatively anonymous traffic, but anonymous identity may be meaningless if a website has your actual identity based on the login information you’ve provided. And, given the recent push against ad targeting, fueled in large part by Apple’s massive new privacy feature in iOS 14.5, which asks users if they want each app to track them around the web, it’s possible that website providers will shift more toward logins anyway.

    Though it may appear to be a hassle to have to deal with even more logins (which is much easier to do with a great password manager! ), that shift may, counterintuitively, have the potential benefit of pushing us even closer to a passwordless future. If more services push for direct logins, it’s possible that more of them will support security keys instead of passwords. Furthermore, more sites that support security keys may put pressure on others to do so as well, similar to the trend toward two-factor authentication with phones.

    While we aren’t quite there yet, Cloudflare’s potential replacement for the CAPTCHA could be the first step in that direction.

    Share this:

    • Click to share on Twitter (Opens in new window)
    • Click to share on Facebook (Opens in new window)
    • Click to share on WhatsApp (Opens in new window)
    • Click to share on Reddit (Opens in new window)
    See also  NASA will send two missions to Venus for the first time in over 30 years

    Related

    Cloudflare
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Amara Julliet Otti

    Related Posts

    Here are the latest accusations Activision Blizzard employees have leveled at the company

    July 31, 2021

    The FTC has reportedly opened an investigation into Amazon’s MGM acquisition

    July 31, 2021

    Tesla agrees to pay $1.5 million to settle battery throttling lawsuit

    July 31, 2021

    Leave a Reply Cancel reply

    Top Tech Tools for Every Freelancer and Small Business Owner

    August 8, 2022

    10 Tuition Free Universities in USA

    March 3, 2022

    How to Study in Canada Without IELTS

    March 3, 2022

    Fully Funded Europe Scholarships Without IELTS in 2022

    March 3, 2022

    15 Fully Funded Scholarships for International Students

    March 3, 2022

    Facebook Twitter Instagram Pinterest
    • Privacy Policy
    • Contact Us
    • Disclaimer
    © 2022 BENOSTECH. Designed by Tabloidstream Media.

    Type above and press Enter to search. Press Esc to cancel.