Cloudflare, a DNS service provider, has said it wants to replace the CAPTCHA web craze with a completely new system.
CAPTCHAs are those tests you have to do when you try to log into one service, which ask you to click on pictures of things like buses or viafundamentals or bikes to prove you're human.
(The name CAPTCHA, if you did not know it, comes from the initials of the "Completely Automated Public Turing test to tell Computers and Humans Apart.") The problem is that they add extra time to web use and can sometimes be difficult to solve. - I'm sure I'm not the only one who failed a CAPTCHA because I did not see the angle of a pedestrian crossing in an image.
In a blog post, Cloudflare says it intends to "get rid of CAPTCHA completely" by replacing them with a new way to prove that you are human by touching or looking at a device using a system called "Cryptographic Attestation of Personality". Currently, it only supports a limited number of USB security keys such as YubiKeys, but you can try the Cloudflare system (without USB) on the company website.
https://cloudflarechallenge.com/
I tried it and it worked great. All I had to do was click the "I am human (beta)" button and then follow a few instructions to select my security key. Next, I had to allow the site to access the key.
The whole process took a few seconds and I have to admit it was very nice not to look for pictures of buses and objects that look like buses. And in addition to everyone's speed, this new method could have a significant accessibility benefit, as visually impaired people may not be able to complete the CAPTCHAs currently available.
What happens behind the scenes with the new method?
In short, your device has a built-in safe drive containing a unique key that is stamped by your manufacturer. The security module is capable of proving that it possesses such a key without revealing it. Cloudflare asks you for proof and checks that your manufacturer is legitimate.
You can read a much more extensive explanation at company blog.
Although it's a very interesting idea, it's probably not the end of CAPTCHAs as we know them. For starters, Cloudflare says this is an experiment and is currently available "in limited English-speaking areas." In its current state, it only works with a limited set of hardware: YubiKeys, HyperFIDO keys, and Thetis FIDO U2F keys
Η Cloudflare promises that he will "examine the procase κι άλλων επαληθευτών το συντομότερο δυνατό”. Αυτό θα μπορούσε ενδεχομένως να επεκταθεί και στο τηλέφωνό σας: Η Cloudflare προτείνει τη δυνατότητα να χρησιμοποιήσετε ένα τηλέφωνο στον υπολογιστή σας για να περάσετε μια ασύρματη υπογραφή χρησιμοποιώντας NFC.
Google can treat both iPhones and Android as natural security keys. If Google and Apple were to use the Cloudflare method, they could significantly reduce the barrier by using USB, as smartphones are much more common than USB security.
