Skip to content Skip to navigation Skip to footer


CAPTCHA Definition

When internet users attempt to visit a website using their login credentials or enter their credit card details, they may be asked to complete a CAPTCHA. This is typically a quick step that requires them to enter a CAPTCHA code or words, click images, or complete a CAPTCHA solver to gain access to the website. 

CAPTCHA is an acronym for Completely Automated Public Turing Test To Tell Computers and Humans Apart. It ensures CAPTCHA bot avoidance because administrators can validate incoming users with CAPTCHAs and websites can identify whether a user is real or malicious.

How Does CAPTCHA Work?

CAPTCHA was first created as an attempt to block spammed software from commenting on website pages or purchasing products in bulk. A classic CAPTCHA solver asks users to identify specific letters that have been distorted so that a bot would be unlikely to recognize them. 

Users need to decipher the distorted characters and type them into a form field, then submit it. If the letters are not entered correctly, the user is asked to try again. These CAPTCHA forms are common on account sign-ups, online polls, and e-commerce checkouts.

What Is the Use of CAPTCHA?

CAPTCHA enforcement has a wide range of uses that enable websites to identify real users from bots. It can be used to filter spam messages, restrict inappropriate comments, and prevent messages from posting automatically. Some websites also use CAPTCHA to protect themselves against bots and may trigger a CAPTCHA test if they detect behavior that resembles bot activity. 

Limiting Registration for Services

CAPTCHA can prevent bots from creating multiple accounts on free services like Gmail, Hotmail, or Yahoo Mail. CAPTCHAs are placed on registration forms to prevent the creation of multiple spam email accounts.

Preventing False Comments

CAPTCHAs also help websites prevent the posting of spammed messages or false comments. This is useful for blogs or web-pages that feature contact forms or message boards, ensuring only legitimate comments can be posted on them.

Maintaining Poll Accuracy

CAPTCHAs also help websites prevent the posting of spammed messages or false comments. This is useful for blogs or web pages that feature contact forms or message boards, ensuring only legitimate comments can be posted on them.

Preventing Ticket Inflation

Websites that sell tickets to events like concerts or sports games use CAPTCHA to prevent ticket inflation and restrict the number of tickets that users can purchase. This helps them prevent scalpers from purchasing tickets in bulk then selling them for a profit or at excessive prices. This way, websites can ensure legitimate customers are able to buy tickets at fair prices.

What Are the Drawbacks of Using CAPTCHA?

Despite these benefits, there are some drawbacks to using CAPTCHAs. These include:

Bad User Experience

CAPTCHA tests are not the most user-friendly tools and can often frustrate users by interrupting their flow. This results in users having a negative view of the website that issues the CAPTCHA and may often lead to them no longer using that website.

Not Usable for Visually Impaired Visitors

A key drawback of CAPTCHA is that they are reliant on people's visual perception. In other words, users have to see the text or images the CAPTCHA generates in order to access a website. As a result, CAPTCHAs are virtually impossible to use for anyone with seriously impaired vision or who is legally blind.

These Tests Can Be Fooled by Bots

Some CAPTCHA tests can be fooled or bypassed through the use of bots and should not be relied upon to protect websites. In particular, some bots can bypass text-based CAPTCHAs, while others are programmed to defeat and solve image recognition tests. 

Types of CAPTCHA with Examples

There are several options for configuring CAPTCHA to protect websites. Common examples include:

Text-based CAPTCHA

A classic format is text-based CAPTCHA, which uses words or a combination of digits and letters that users must decipher and enter in the text box. It involves alienating or distorting letters using arcs, dots, colors, or lines to prevent bots from recognizing them.

For example, when creating a new online account, a user gets a series of distorted or contorted characters that a spambot will not be able to recognize. 

CAPTCHA text example


One alternative to text-based CAPTCHAs is the image-based method. Users are presented with recognizable images or graphics, such as everyday objects, and asked to select images that resemble the original image.

Other image-based CAPTCHAs ask users to select elements that are present within an image. For example, selecting all squares within an image that includes traffic lights. 

These CAPTCHA tests are quick for legitimate users to solve and more difficult for bots or computer programs to classify and solve. Therefore, image-based CAPTCHAs are a more secure alternative to text-based options.

CAPTCHA Image example


Text and image CAPTCHAs are reliant on users being able to see the information, which restricts usage by visually impaired people. Websites can avoid this issue with audio CAPTCHAs, which typically include a button that users can select to hear an audio version of a code or sequence of letters and numbers. This increases website usability and ensures sites are available to all users. 

CAPTCHA audio example

Math or Word Problems

Another option for filtering out spam bots is to use math or word problems that users need to solve and enter the answer into the text box. These typically include simple mathematical equations or word recognition problems that users can quickly solve and enter.

Social Media Sign-in

Users can use their social media profile, such as a Facebook or LinkedIn account, to sign in to a service. This automatically fills in their details using a single sign-on (SSO) process.


Original CAPTCHA formats can be completed by advanced bots so they are increasingly being replaced by reCAPTCHA. The Google reCAPTCHA service provides more advanced tests that offer greater certainty between human users and bots. It sources texts and images from the real world or includes checkboxes, image recognition, and behavior assessment.

reCAPTCHA service

How CAPTCHA Prevents Scammers

CAPTCHA is widely used to prevent scammers from accessing websites for various purposes, including: 

Protects Online Polling

CAPTCHAs can protect online polls and ensure only legitimate users complete a poll. This prevents spammers from skewing poll results.

Protects Against Email Worms/Junk Mail

Prevent spammers from creating multiple accounts to spread malware, junk mail, or phishing attacks.

Prevents Comment Spamming on Blogs

Prevent spammers from accessing blogs or web-pages with contact forms and stops them from submitting fake comments.

Prevents Dictionary Attacks

Hackers may use dictionary attacks to gain unauthorized access to systems by using software to try all words in a dictionary to guess passwords. CAPTCHA can prevent such attacks.

Protects Website Registrations

Enable websites to prevent scammers from creating multiple accounts to free services, such as free email providers. 

Configuring CAPTCHA with Fortinet

Fortinet FortiADC application delivery controllers enable admins to validate users through CAPTCHA. This helps businesses determine if incoming visitors are legitimate users or malicious traffic, such as bots or hackers. 

FortiADC can be configured according to the organization’s denial-of-service (DoS) and web application firewall (WAF) policy to ensure CAPTCHAs are only issued to users that meet specific rules. This provides distributed DoS (DDoS) protection, keeps applications safe from attacks through runtime application self-protection (RASP), improves website performance with a content delivery network (CDN), and enables organizations to use their own CAPTCHA verifications when attacks are detected.