Money Matters

A Captcha Killer Is Coming. It’s a Major Threat to Your Online Security


A core security mechanism that keeps us all safe online is likely to fail within the next few years. This could cause a massive rekeying of websites and big shifts in how we approach online security. It also signals a new wave of Artificial Intelligence systems that can teach themselves narrow tasks quickly and efficiently. Combined with the rapid rise of Quantum Computing, this could spell trouble for everyone’s online security (and the ability of your business to stay secure).

The security system in question is the hated but still effective CAPTCHA (and it’s close relative, the reCAPTCHA). CAPTCHA is an acronym for ‘Completely Automated Public Turing test to tell Computers and Humans Apart’. For more than a decade, the hard-to-decipher letters and numbers, often posted against textured backgrounds or photographs, have played a critical role in foiling automated attempts to hack into accounts by attempting username and password and combos over and over.

The CAPTCHA-Killer

Researchers from a Silicon Valley startup named Vicarious AI published details earlier this month about  a new type of Artificial intelligence system can learn how to decode CAPTCHAs quickly. Vicarious is backed by Amazon CEO and founder Jeff Bezos and Facebook CEO and founder Mark Zuckerberg. Because the CAPTCHA cracking algorithms and artificial intelligence system requires so little training and compute resources, it represents something of a breakthrough in artificial intelligence  and not just a proof-of-concept.

With the CAPTCHA breakthrough, scientists decided not to use traditional neural networks, which require millions of accurately labeled images to train a system. They tried a different model that relied on a different technique called “contour continuity”. This mirrored how the human brain distinguishes edges of overlapping objects. The new CAPTCHA cracker could decode Google’s squiggles with a 67% accuracy rate, not that far off the human accuracy rate of 87%. For PayPal and Yahoo, the system achieved an accuracy rate of greater than 50%. That’s more than enough to allow automated systems – bots – powered by this new form of AI to crack many current types of CAPTCHAs very quickly.

Enter Quantum Computing, and It Spells Security Trouble

The impending CAPTCHA crisis compounds fears about the ability of quantum computers to crack nearly any password in seconds. Quantum computers are a new type of computer that relies on quantum states to quickly calculate certain types of math equations. Quantum computers are not ready for prime time yet but a host of tech giants are rushing to improve existing quantum computing technology to make it stable and accurate enough to use for real world problem solving. Security experts fear that a quantum computer in the hands of hackers or government intelligence agencies could rapidly undermine the security of the internet.

With the impending doom of CAPTCHA and the approach of Quantum Computers, businesses (and all of us) will need to rethink in how we lock down our online accounts – and quickly adopt new ways of creating a secure digital world. I’ll write more about that in another column.

More Info: