Obsessed with technology?
Subscribe to the latest tech news as well as exciting promotions from us and our partners!
By subscribing, you indicate that you have read & understood the SPH's Privacy Policy and PDPA Statement.
News Categories

Human after all: Cloudflare does away with CAPTCHAs in favour of WebAuthn

By Liu Hongzuo - on 17 May 2021, 12:11pm

Human after all: Cloudflare does away with CAPTCHAs in favour of WebAuthn

Image source: Cloudflare.

Starting today, Cloudflare's getting rid of repetitive, boring CAPTCHAs. You know those little puzzles you get right before you do something interesting, like getting important show tickets or buying a limited edition collectible? Apparently, they're so annoying that the CDN that uses CAPTCHAs wants to be rid of them.

According to Cloudflare's blog post, CAPTCHAs are horribly unproductive, a hog of precious mobile data, and generally unfriendly to users on mobile devices. What's also not mentioned in the blog post is how CAPTCHAs are increasingly ineffective at stopping bots from snatching up all your PS5s, graphics cards, and collectibles the moment it goes online - since there are both computerised solvers and literal CAPTCHA farms where people solve these puzzles for a wage.

Cloudflare said that an average human being takes 32 seconds to solve a CAPTCHA, and people waste about 500 years' worth of time per day to solve these puzzles. They've got to go.

In place of CAPTCHAs, Cloudflare is trialling other human verification methods to combat botting. One method they are attempting is the Cryptographic Attestation of Personhood, which uses the Web Authentication (WebAuthn) Attestation API that can be found on most Internet browsers (desktop and mobile).

Image source: Cloudflare.

It works a little bit like two-factor authentication. As long as the user is on a platform by a legitimate manufacturer with multiple certificates built in, Cloudflare theoretically can verify these certificates with the help of WebAuthn. For users, this means that proving your humanity can be fully automated without encroaching on user privacy.

However, Cloudflare is still experimenting with this feature, and they're currently trying these steps out via physical USB keys.

If you're interested, head over to their blog post to find out more.


Source: Cloudflare (blog)

Join HWZ's Telegram channel here and catch all the latest tech news!
Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.