What’s CAPTCHA & How Does It Work?

Ever wondered what’s the purpose of that checkbox which says ‘I’m not a robot’ whenever you are filling a contact form on a website or while entering a zoom call? To answer that we have to first understand the concept of ‘Turing Test’ as well as ‘bots’ (robots) in the online world and why do they exist.

Photo by Kaboompics .com from Pexels

What are Bots?

A ‘Bot’ is basically a computer program which is designed to do repetitive tasks (specific set of instructions) without any human intervention. A bot can run on it’s own, which means that it can perform specific tasks in a loop until a desired condition is met.

Bots are everywhere on the internet. Some are good, while some are extremely bad. Also, bots can mimic the behavior of humans on the internet. Now, you might have a question, ‘Which bots are considered ‘legitimate’ and which ones are considered bad?’ So, let’s look at different categories of bots.

Bots can be classified as:-


Bots which are used for automated messages to a certain extent in text format. Example: WhatsApp Bot.

Social Media Bots

Usually present on social media sites to increase engagement, but some of them are not so good. They can be used for gaining unauthentic followers and likes.


These are the bots which ‘index‘ multiple websites. They basically scan websites to see the content that it holds and accordingly those websites appear in search results depending on how relevant the website is. They are also known as web crawlers. These bots are legitimate.

Malicious Bots

Cybercriminals use these bots to carry out malicious activities. Some of them are listed below:

  • Brute-Force Attack (Password Cracking)
  • Web Scraping (Trying to steal copyrighted content from websites.)
  • Spreading Spam Content
  • Credential Stuffing

So, by now, it’s clear that bots have both a light side and a dark side which depends on the intention of the developer.

How can we control malicious bot activities? That’s where CAPTCHA comes into action.

Understanding CAPTCHA and reCAPTCHA

In 1950, Alan Turing came up with the concept of machines thinking intelligently like humans. He developed a test known as ‘Turing Test’ which determines whether a computer can mimic human behaviour or not.

In this test, a computer (who’s test is to be taken) and two humans (one participant and one interrogator) are involved to determine the capability of the computer to interact like humans. The interrogator (human) asks several questions to the two participants (a human and a computer) and seeks the response of the two participants. One thing to keep in mind that the interrogator cannot see which of the participant is computer or a human. The task of the interrogator is to differentiate between the human and the computer based on the answers given by both of them. If the interrogator is not able to distinguish between the human and the computer, then the computer is said to have passed the Turing Test.


CAPTCHA stands for ‘Completely Automated Public Turing Test to tell Computers and Humans Apart’. As the name suggests, it is a Turing Test but instead of a human interrogator, the test is conducted automatically by computer programs.

CAPTCHA are of two types: Text-based and Image-based

Text-based CAPTCHA. Source: Wikipedia
Image based CAPTCHA. Source: Wikipedia.

Text-based CAPTCHA can be recognized by computers through machine learning but image recognition makes it harder to do so.


Meanwhile, Google announced reCAPTCHA that required users to only click on a checkbox to verify their identity. The reCAPTCHA tracks the movement that the user’s cursor makes in order to get to the checkbox. This movement done by a human always contains some minute microscopic movements which are detected by reCAPTCHA and then the user is considered to be legitimate and is given access. The movement done by bots in order to click the checkbox is always accurate and precise but the movement done by humans always contains some micro-movements before they click on the checkbox.

If the reCAPTCHA is still not convinced about the user’s authenticity, then image based CAPTCHA is displayed and the user have to pass that test as well.

Source: Wikipedia

CAPTCHA can prevent malicious bots up to a certain extent only, because some really advanced bots may manage to bypass CAPTCHA.

That’s all for now. Signing off.

If you have any suggestions, then you can send us a message by going to Contact tab or leave us a comment below..

One thought on “What’s CAPTCHA & How Does It Work?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s