4 min read

What is CAPTCHA?

What is CAPTCHA?

What is CAPTCHA and why is it used?

Have you ever filled out a form on a webpage and before you are allowed to press submit, you have to decode a series of jumbled up letters and numbers? Or pick the images with traffic lights in? Or clicked 'This is not a robot'?

This is known as CAPTCHA.

CAPTCHA is the acronym for Completely Automated Public Turning. CAPTCHA is a program that protects websites against automated bots that seek to spam, fraud and abuse websites. The program generates and grades tests that only humans can pass.

The test, to tell computers and humans apart, has played a big part in cybersecurity. Over our 15 years in IT support, we have seen CAPTCHA become an essential part of online security and a part of any businesses basic online cybersecurity defences.

Can I add CAPTCHA to my website?

CAPTCHA or reCAPTCHA can be incorporated, normally free of charge, onto any website form. It is definitely worth implementing if your website receives a lot of spam. It can be easily added using website content management systems, including Wordpress and HubSpot.

History of CAPTCHA

CAPTCHA was first seen in the early 2000’s with PayPal being one of the first major sites to introduce the forms. The main reason for the introduction of the forms was due to the rise in computer spam in the early 2000’s as people were learning quickly how to exploit websites. Over the years CAPTCHA has become an essential part of online forms to help tell the difference between humans and machines.

Why is CAPTCHA needed?

The main reason for the introduction of CAPTCHA was due to the rise of computer spam at the turn of the century. Adding CAPTCHA to a form would stop any automated submissions going through. Not only has it helped with spam it has also become a benchmark for AI problem-solving.

How it works and characteristics

It may look like a mix of random letters and numbers, but there is an algorithm to CAPTCHA. Due to there being things computers cannot tell apart CAPTCHA follows these rules;

The variation of letters and numbers

Each letter or number can be written in an infinite number of ways. Humans can tell the differences between these infinite ways easily, but artificial intelligence isn’t able to do this. While humans have learned how to distinguish between letters and numbers at high speed to teach a computer to do this is complicated.

Separating joined letters

Most CAPTCHA forms will have letters and numbers that are all joined. Humans can distinguish this and can pull apart the text into different sections easily. With the characters, close together and overlapping it makes it difficult for computers to tell them apart.


This is where humans can excel at solving things such as CAPTCHA. Due to the capability of being able to keep different scenarios alive and pick the correct path to follow, humans take on average just 10 seconds to solve a CAPTCHA form. For example a human can quickly distinguish between ‘i’, ‘I’, ‘l’, ‘L’ and ‘1’ where as artificial intelligence cannot.


It’s hard to imagine that a thing that stops online spam can draw any controversy to itself, yet CAPTCHA has done this since its creation. Instead of designing software that could solve or bypass the forms people started to create ‘CAPTCHA farms’ which would pay minimal amounts for people to solve thousands of CAPTCHA forms.

Although, its biggest criticism has come from people who suffer from poor vision and/or hearing. CAPTCHA offers an audio version of the mixed-up letters and numbers for people who struggle with their sight. Not only is this a less safe method of cybersecurity it’s also difficult for people with poor vision to find and access. People who struggle with their sight will often use an on screen reader to help them navigate web pages. On screen readers are unable to read CAPTCHA forms are often leaving people without access to some of the world’s biggest sites.

The future

Despite the world becoming connected more and more by technology CAPTCHA has survived the test of time and is still used today. On criticism of it was it takes too long to solve and was taking up too much time in people’s days. To counteract this a more modern version of CAPTCHA has been introduced.

Rather than a mix of letters/numbers, there will be either a series of images or a simple maths equation displayed. The image will then ask you an easy question such as ‘click on the dog’ or ‘click every image that contains the colour blue’. This updated version of CAPTCHA has been met with good reviews but have been criticised by cybersecurity professionals (again) for being too easy to solve.


reCAPTCHA v3 is the latest, free CAPTCHA tool that can prevent your website from spam and abuse. Instead of the user needing to input a response to the CAPTCHA test, it uses advanced risk analysis techniques to determine whether it is humans or bots. In V3, the test is not visible to the end user and is automated, so you may not realise that you have been tested! Google advises how to implement this to your website.

What's great about reCAPTCHA, is it resolves previous issues, including helping those that suffer from poor vision and/or hearing.

What next?

If you’re looking to add CAPTCHA to your website, first work with your website CMS (content management system) provider and find out if you can add it yourself. It's likely that you won't need outsourced help or a website developer to implement it.

However, this is just one small piece out of a wider multi-layered cybersecurity strategy. If you're not sure how to make your medium or small business cyber safe, our cybersecurity best practice blog is a great place to start. 

Speak to an expert

If you have questions about your cybersecurity, then why not schedule some time with one of our experts?

Sign up to our newsletter

If you want to keep up to date with the latest cybersecurity tips, then subscribe to our newsletter:
Sign up to our newsletter

Cybersecurity for your business

Learn about our cybersecurity business packages and pricing to understand what coverage your small or medium sized business might need.

What is Phishing?

What is Phishing?

A recent survey reported that 90% of organisations had been subject to a phishing attack. You may have heard of ‘phishing’ but do not know what is...

Read More
What is malware?

What is malware?

Short for malicious software, you may have heard the term malware used when it comes to computer security. Here at Superfast IT we’ve seen the...

Read More
Cybersecurity awareness training

Cybersecurity awareness training

What is cybersecurity awareness training? Cybersecurity awareness training is the formal education of business security to non-technical employees....

Read More