DataDome

How effective is CAPTCHA? Why it’s not enough for bot protection…

Do you think of your traditional CAPTCHA as a necessary evil? It may harm your user experience, raise data privacy concerns, and fail to stop advanced bots, but it is a security staple—right?

Wrong. Keep reading to discover the risks presented by siloed CAPTCHAs, and why your human website visitors should never have to see a CAPTCHA again!

How effective is CAPTCHA?

We have to give them this: ReCAPTCHAs and other traditional CAPTCHAs helped protect content and revenue for online businesses with acceptable efficiency for many years. But users have spoken, and unfortunately, they hate them.

Not only do traditional CAPTCHAs slow down and add friction to the user journey, but they also have serious accessibility issues. For people with dyslexia, visual impairment, or sensory disabilities, text- and image-based challenges can be flat-out impossible to solve.

The reCAPTCHA that only requires users to click an “I’m not a robot” checkbox was a little better in terms of user experience (UX), but people using screen readers, for instance, still had trouble with it. Too often, the detection would fail and users were required to complete a second step (typically image recognition) for verification.

Traditional CAPTCHAs Kill Conversions

Traditional CAPTCHAs introduce friction into the conversion process, because even the most efficient CAPTCHA is an irritating interruption when it is presented to human users. Someone who is ready to submit a form, sign up for something, or make a purchase does not want an extra step standing in the way—especially if it helps Google digitize old books or train image recognition software in the process.

How much do traditional CAPTCHAs reduce conversions?

It is difficult to tell. Recent research is hard to come by, perhaps because no digital marketer ever formed the hypothesis: “Let’s add an ugly, irrelevant challenge to our forms for all users and see if it helps our business.”

However, according to Acquireconvert, when the video app maker Animoto ran a test on its sign-up form, the form that included a CAPTCHA converted at 48%, compared to 64% for the non-CAPTCHA form.

Of course, there is no guarantee that removing a CAPTCHA will increase conversions by 33% (it is actually highly likely to create other issues). But keeping CAPTCHAs hidden 99.99% of the time can definitely improve the user experience. The question is: How can you eliminate traditional CAPTCHAs without simultaneously exposing yourself to unwanted bot traffic?

Solution to Bot Protection Without Showing a CAPTCHA

The answer is simple: A specialized, effective bot protection solution. If humans can be distinguished from bots with sufficient accuracy, CAPTCHAs become obsolete—to human users. For example, as one of its capabilities compared with reCAPTCHA, DataDome uses a comprehensive detection process that spares human users from dealing with frustrating CAPTCHAs:

  1. When a user loads a page, within milliseconds, our real-time machine learning (ML) detection processes technical, statistical, and behavioral signals to block 99% of bots, including the newest and most advanced bots, and to allow human users through.
  2. Only if the identification (bot or human) is not conclusive after the initial stages of detection will a user be presented with a CAPTCHA.
  3. We developed our own CAPTCHA—built 100% for security, optimized for user experience (and accessibility), and compliant with data privacy regulations around the globe. Our customers are encouraged to use DataDome’s user-friendly CAPTCHA in the event a user reaches that stage.

While a tiny minority of humans behave oddly enough to be flagged as suspicious, it’s extremely rare (0.01%) that a human goes beyond stage 1 of detection and is shown a CAPTCHA. But our ultimate objective is that eventually, no human should ever have to solve a CAPTCHA again.

It is also important that a CAPTCHA cannot be solved by bots. Unfortunately, the number of CAPTCHA “pass” signals that the DataDome solution later invalidated as false negatives (actual bots) revealed that 50% of the requests that solve traditional and third-party CAPTCHAs are actually bots.

At DataDome, CAPTCHA security focuses on two main areas:

  • The fight against CAPTCHA farms (sweatshops), where underpaid human workers spend their days solving CAPTCHAs for bot operators.
  • Protection against bots that rely on artificial intelligence (AI) to masquerade as humans.

Assess Detection Quality With the CAPTCHA Report

A solved CAPTCHA is a sign that your bot protection has (wrongly) identified a human as a bot. That is called a “false positive”. The rate of solved CAPTCHAs, or the false positive rate, is an excellent tool for assessing the quality of your bot protection’s detection algorithm—that is, if your bot protection provider chooses to disclose it.

In the interest of full transparency, the DataDome dashboard includes a CAPTCHA page that shows how many times the CAPTCHA has been displayed, how many visitors failed the test, and how many times it was solved.

We are proud to announce that on average, our false positive ratio is 0.01%.

But that doesn’t mean we’re resting on our laurels. As much as we hate to admit it, even malicious bot operators can be smart, so staying a step ahead of them requires constant effort. Our bot SOC team keeps improving our algorithm every day, so only bots should ever see CAPTCHAs on the platforms we protect.
