{"id":251956,"date":"2021-05-18T00:07:58","date_gmt":"2021-05-17T21:07:58","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/cloudflares-new-captcha-replacement-needs-more-work-review-geek\/"},"modified":"2021-05-18T00:07:58","modified_gmt":"2021-05-17T21:07:58","slug":"cloudflares-new-captcha-replacement-needs-more-work-review-geek","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/cloudflares-new-captcha-replacement-needs-more-work-review-geek\/","title":{"rendered":"#Cloudflare\u2019s New CAPTCHA Replacement Needs More Work \u2013 Review Geek"},"content":{"rendered":"

“#Cloudflare\u2019s New CAPTCHA Replacement Needs More Work \u2013 Review Geek”<\/strong><\/p>\n

\n
\"An
Cloudflare<\/a><\/span><\/figcaption><\/figure>\n

Popular CDN and DNS service provider Cloudflare wants to put an end to CAPTCHAs<\/a>, claiming that humanity wastes 500 hours staring at the annoying \u201cprove you\u2019re not a robot\u201d tests every day. And while the company\u2019s proposed replacement isn\u2019t exactly perfect, it\u2019s a step in the right direction that could lay the groundwork for future authentication standards.<\/p>\n

CAPTCHA is a \u201cCompletely Automated Public Turing test to tell Computers and Humans Apart.\u201d Like a bouncer at a nightclub, CAPTCHA uses simple questions or puzzles to prevents robots from overrunning websites. But CAPTCHA sucks. The tests are slow and confusing, they don\u2019t always work correctly, and they\u2019re not always accessible to those who are visually impaired.<\/p>\n

Google is trying its hardest to fix CAPTCHA<\/a>, but Cloudflare wants to kill it off and replace it with something called \u201cCryptographic Attestation of Personhood,\u201d which is a fancy way of saying \u201ca piece of hardware that proves you\u2019re a human.\u201d Unsurprisingly, Cloudflare is focusing on USB security keys in its early tests for this authentication method.<\/p>\n

If you own a YubiKey, HyperFIDO key, or Thetis FIDO U2F security key, then you can test Cloudflare\u2019s impressive new authentication system<\/a> now. Simply connect the USB security key to your computer, give the website permission to see your key, click the key, and then you\u2019re off to the races (well, you\u2019re redirected back to Cloudflare\u2019s blog). Not only is the system fast, but it\u2019s accessible to people who are visually impaired. It also protects user privacy, as the security key that vouches for your humanity isn\u2019t uniquely tied to your name or device.<\/p>\n

It wouldn\u2019t take much work for the technology<\/a> to support mobile phones, which can stand-in for security keys<\/a> thanks to Google. Cloudflare also proposes a future where manufacturers build \u201cCryptographic Attestation of Personhood\u201d hardware directly into devices. These chips could verify that your computer is real and unique using a special code associated with the manufacturer.<\/p>\n

But are these authentication methods effective? What\u2019s stopping a robot from using (or spoofing) a USB security key, or any other \u201cattestation\u201d tools? As Webatuthn Works CEO Ackermann Yuriy points out<\/a>, FIDO keys are not only easy to spoof, but they also work incredibly fast and are relatively anonymous, so a bot farm hook up to a handful of keys could easily overrun a website protected with Cloudflare\u2019s system.<\/p>\n

People are already plotting elaborate schemes to break past Cloudflare\u2019s proposed CAPTCHA replacement, an indicator that \u201cCryptographic Attestation of Personhood\u201d isn\u2019t the future, at least not in its current sate. But the authentication method is incredibly convenient, fairly private, and fairly easy to implement. In short, the floodgates are open, it\u2019s time for CAPTCHA to die, and Cloudflare is taking the first step in the right direction.<\/p>\n

Source: Cloudflare<\/a> via The Verge<\/a><\/small>\n<\/div>\n