Cloudflare Designs a New Fast CAPTCHA with USB Keys

CAPTCHAs have been present in our lives for years, and each time they have become simpler. However, it is increasingly common for us to skip the check in which we have to identify images. Cloudflare claims that the time has come to put an end to this nonsense with a rather curious solution.

CAPTCHAs, short for Completely Automated Public Turing test to tell Computers and Humans Apart , allow a website to determine whether or not the visitor is human. Google’s reCAPTCHA 2 is the most used today, where we normally only have to click to say that we are not a robot , and Google will analyze our previous activity to determine, through elements such as mouse movement, that we are human.

Cloudflare Designs a New Fast CAPTCHA

Cloudflare has had enough of the traditional CAPTCHA

The problem is when that verification fails. And lately it fails more than usual, moving us even further away from reCAPTCHA 3 , where Google promised that we weren’t even going to have to click. Instead, we are currently taking 32 seconds on average to complete this verification with images, with a complex and arduous process with poor quality images, with a system that works poorly on mobile phones, and where it is frequent to fail if we are in a hurry and not We pay attention.

According to Thibault Meunier , an engineer at Cloudflare, he estimated that each user sees a CAPTCHA every 10 days, multiplying that number by 4.6 billion users and the average 32 seconds it takes to complete. According to his calculation, every day humanity loses 500 years doing CAPTCHAs .

For this reason, the Cloudflare engineer has presented an alternative called Cryptographic Attestation of Personhood . This system works simply. First, the user accesses a website protected by this system, such as , which they are using for testing.

USB keys are your solution, but they are expensive

On the web, there is a button that says (I am human) beta, and if we give it, the web will check that we are human. The new step comes now, where the web asks us to insert a USB security key , or Hardware Security Key . This key has USB and NFC connectivity, being able to use it on the PC or on the mobile. The cryptographic key for that key is sent to Cloudflare, verifying the user quickly without having to resolve a CAPTCHA.

Among USB keys, Cloudflare offers initial support for three: the YubiKey , HyperFIDO, and Thetis FIDO U2F . The Yubikey are the most widespread, being very comfortable to use as a two-step verification and add security to our day to day. Thus, with the quick check of the web and the USB keys, the check takes just five seconds, and is more respectful of privacy than current CAPTCHAs.

One of the problems with these keys is their price, which hardly falls below 50 euros. Meunier suggests that mobiles could be used as verification, since they do the same functionality as a USB key, being able to store cryptographic keys. However, for the time being the test will be limited to USB keys, in addition to starting testing in English-speaking regions first.