The present and future of verification code
What is verification code ”In fact, CAPTCHA is not a synonym for the illegible letter combinations that netizens always see on different websites, but a common name for "Turing Test for Fully Automatic Distinguishing between Computer and Human". As the name implies, it is used to distinguish between computer and human. ( Beijing website production )
In the CAPTCHA test, the computer as the server will automatically generate a question for the user to answer. This problem can be generated and judged by computers, but only human beings can solve it. Since the computer cannot answer the CAPTCHA question, the user who answers the question can be considered as a human. CAPTCHA is a computer test for human beings, rather than the standard Turing test, so people sometimes call CAPTCHA a reverse Turing test.

A joke about verification code
Whether the verification code really protects the computer system
PALO ALTO, a team of researchers from Stanford University, pointed out that many verification codes did not play their due role at all. These researchers have even designed a general program that can identify verification codes on many websites with a high success rate, including Visa's website, Blizzard's official website, eBay, and Wikipedia.
This recognition technology uses a conceptual model in the field of robot vision, which helps the robot to correctly recognize the shape of objects without the interference of image noise. Stanford, a tool called Decatcha, uses the above guidelines to write an algorithm that can segment distorted and noisy images into letters and numbers that can be identified by optical recognition technology (OCR).
”Most verification codes have not been verified before being put into use, and there is also a lack of reliability testing. "Elie Bursztein, a postdoctoral researcher from the security laboratory of Stanford University, said," I hope our research can make people more cautious about the design and use of verification codes. “
Decatcha can successfully identify 66% of the verification code images on the Visa payment website, and can successfully capture 70% of the verification codes on Blizzard entertainment websites. While Wikipedia has a quarter of the verification codes that can be identified, the number on CNET and has dropped to a fifth. Although Baidu's verification code has only 5% recognition rate, the frequency of the same verification code in the test process is as high as 98%, which is very easy to be attacked by the attacker with exhaustive method. The research team from Stanford later pointed out that any verification code system with a recognition rate of more than 1% should not continue to be used. ( High end website construction )
Verification code recognition rate of major websites:

Then Blizzard issued a statement saying that they clearly know that the verification code technology does not have enough security. " We only use verification code technology in the primary security layer to resist some specific attacks, such as registration. We use some more secure and reliable technologies to protect our customers and backbone servers. "Shon Damron from Blizzard said so.
Today's verification code
Verification code technology is still very important in the current network world. It can help prevent automatic robots from registering online mailboxes in batches and sending spam, prevent message boards from being clogged with advertisements by automatic programs, and even make the voting system more reflective of the real situation.
Examples of verification codes used by major websites:

Example of Chinese verification code used by Sina Weibo - it seems that internationalization is not taken into account:

So far, only Google's verification code has completely blocked the identification of Decatcha. The ReCaptcha project that Google acquired from Carnegie Mellon University in 2009 has also demonstrated extremely high reliability. At present, ReCaptcha has been widely used on nearly 100000 websites, including Twitter, Facebook, Craigslist, TicketMaster (a website selling tickets for various concerts, sports competitions, operas and art exhibitions) and Microsoft.
Bursztein hopes that developers can design and use verification code technology more systematically. He gave an example: in the 1980s, people usually immersed themselves in designing their own computer program algorithms, but as time went by, people found that peer testing and professional security assessment are also very important.
Looking forward to the future of verification code
It was reported earlier that Google is testing a new verification code technology. Unlike traditional verification code systems, this verification code technology requires users to input text, but requires users to rotate the graphics in the right direction:

Another image based verification code:

Similar verification codes also require users to enter the current time, the domain name of the website they visit, their own time zone, even the name of the President of the United States, and the first extraterrestrial planet to land. This kind of verification code mainly considers that the automatic computer program usually does not have enough logical thinking ability to identify and solve logical problems. The jigsaw verification code is also very similar in nature to find the verification code of different verification codes (such as finding a dog image from several cat images), but the main reason why such verification codes are not deployed on a large scale at present is that there are not enough resources to withstand exhaustive attacks (the same problem may occur after an attacker refreshes the verification code several times).
The verification code that requires the user to draw a graph:

The verification code that requires users to complete complex arithmetic problems is obviously too complex and unfriendly:

The verification code also brings more possibilities, such as the opportunity to make profits through advertising. The following verification code demonstrates the use of verification code to display advertisements:

But unfortunately, because it is also not large-scale, it is still threatened by exhaustive attacks.
These future verification code technologies should also take auxiliary functions into consideration. If the user has visual impairment, he should be able to choose to complete the verification by listening to the verification code audio, which is one of the main reasons why the character based verification code technology has not been replaced.
Verification code technology is a contradictory product of the development of computer technology. Human beings desire that computers can complete more tasks through automated processes, but they also need to prevent computers from being used for destructive and malicious purposes. As the research achievements in the field of artificial intelligence become more and more advanced, computers will become more and more reasonable (think Siri, think of IBM's latest super intelligent computer Watson).
When Turing designed the Turing test, he aimed to promote the development of artificial intelligence and demonstrate the feasibility of manufacturing humanoid robots from the perspective of philosophy and computer science. But he was afraid that he could never imagine that one day, humans would need such an urgent technology to strictly distinguish themselves from computer systems.
If one day, the computer can pass the verification code, how can we distinguish between human and computer?