To protect accounts and blogs from spammers, many businesses have elected to use CAPTCHAs rather than passwords. Now, some cybersecurity news industry experts question CAPTCHAs' effectiveness.

What CAPTCHAs Are Supposed to Accomplish

While blogs and forums have proved to be an excellent way for businesses to create a strong connection with customers, which in turn becomes brand loyalty, companies ran into a massive problem with malicious software that created fictitious accounts that in some cases allowed the software to corrupt the business’s website. The CAPTCHAs proved that it was a person, and not just an automated program, leaving a comment on a blog or forum maintained by the company. Many businesses also use CAPTCHAs whenever customers create and sign into accounts before finalizing purchases.

The Problem with CAPTCHAs

The first issue is that many users find CAPTCHAs irritating. The captchas software doesn’t always provide a clear image of the word the customer is supposed to enter which results in the customer having to try several times to access their account. Customers find this intensely irritating and each time they encounter a problem entering the CAPTCHA, they become more likely to take their business elsewhere. In a recent Distil Networks study, it was revealed that CAPTCHA programs can cost a business 12% of its customers.

The second problem cybersecurity experts worry about is that businesses put too much faith in the CAPTCHAs they are using and fail to take other precautions for their cybersecurity needs. This is especially alarming in the wake of a warning issued by Microsoft that warned individuals who use the computer programmer’s live services that a certificate was available that allowed accounts protected only by CAPTCHAs, could be at risk for an attack. The malicious certificate had been designed to circumvent the CAPTCHA and access the report.

At the moment, cybersecurity experts are working closely with Microsoft to swiftly resolve the issue, but also warn that the existence of one such malicious certificate means that similar certificates could be created that make it possible for cybercriminals to access to attack other businesses and gain access to information that would ruin the company’s reputation and bottom line.

Cybersecurity experts suggest that the best thing business owners can do to protect themselves and their customers is to look at alternate forms of cybersecurity that rely less on CAPTCHAs and more on individual passwords.

Linking with Context

A. Cybersecurity is too big a job for governments or businesses to handle alone < https://www.weforum.org/agenda/2021/05/cybersecurity-governments-business/ (weforum.org) >.

B. What small businesses need to know about cybersecurity < https://www.microsoft.com/en-us/microsoft-365/business-insights-ideas/resources/cybersecurity-small-business/ (microsoft.com) >.

C. Cybersecurity 2022: How Business Leaders Can Avoid The Next Breach <  https://www.forbes.com/sites/forbestechcouncil/2021/10/05/cybersecurity-2022-how-business-leaders-can-avoid-the-next-breach/?sh=77b398a92ee0/ (forbes.com) >.

D. Cyber threats facing agriculture: bad actors looking to dine out on farm data < https://techhq.com/2022/08/security-warning-cyber-attacks-against-agriculture/ (techhq.com) >.