What are captchas?

Captchas protect web applications from malicious access by bots and spammers. However, the added security provided by legacy solutions comes at the expense of accessibility and usability, because the small image and audio puzzles also pose a hurdle for some human users.

These disadvantages can be circumvented with modern, interaction-free solutions such as Myra EU CAPTCHA: Bots are blocked in the background, without image puzzles or tracking – and in full compliance with the GDPR.

01

Captchas: a definition

When surfing the Internet, users have been encountering various captcha procedures for several years now. The little pictures and word puzzles on websites are intended to ensure that only human visitors can access the services hidden behind them. In this way, the small tools protect against misuse on Internet platforms. The term Captcha is an acronym that stands for "Completely Automated Public Turing test to tell Computers and Humans Apart". The word Captcha thus serves as a collective term for all forms of automated Turing tests that computers use to tell humans and machines apart.

02

How do captchas work?

Captcha procedures rely on tasks that are easy for humans to solve but cause major problems for computer systems. In practice, therefore, image or word puzzles are usually used in conjunction with blurs and similar optical manipulations. Solving these tasks by machine requires sophisticated image recognition algorithms and powerful hardware. These hurdles are used to defend against automated queries and spammers.

Captchas are used everywhere on the net where services are threatened by bot access. Webmasters sometimes use the technology to protect online surveys, e-mail services, or even sensitive services such as online banking from misuse.

03

What are the disadvantages of captchas? 

The use of traditional captchas to protect web services is not without controversy. Above all, integrated image and word puzzles severely restrict the accessibility of the underlying web application. Such captcha tasks cause major difficulties for visually impaired people during login. Acoustic captchas are intended to provide a remedy, but they are criticized for their high level of difficulty and are also problematic for hearing‑impaired users.

In terms of user experience, these classic puzzle‑based captchas are also considered problematic because they add yet another step to logging in to online shops and other portals. The additional effort for potential customers has a negative impact on conversion rates – especially as captcha tasks have to become increasingly complex to keep up with advances in artificial intelligence.

Modern, interaction‑free captcha approaches such as Myra EU CAPTCHA follow a different path: verification runs in the background, without image puzzles, without extra clicks and without tracking – while still providing strong protection against bots and abuse.

Google reCAPTCHA: controversial convenience service

Since 2013, the Google service reCAPTCHA has been addressing the problem of overly complex login processes with the so-called No CAPTCHA. This checking method evaluates browsing data in the background, such as IP addresses, location, dwell time and mouse movements. If the collected data indicates a valid user request, a simple mouse click on the text field "I am not a robot" is sufficient to solve the captcha. If, on the other hand, the results are less clear, the familiar visual or acoustic captchas are used to thwart malicious bot access. Its successor, reCAPTCHA v3, does not require any additional user queries at all: automated access is identified and managed in the background. For website visitors, reCAPTCHA may be a welcome gain in convenience, but data protection organizations are increasingly bothered by the disclosure of sensitive user information to the US company.
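As an added illustration (not code from this article or from Google), the Python example below shows how a server can act on the result of such a background check: it takes the parsed JSON returned by the reCAPTCHA siteverify endpoint and treats the score as one signal among several. The thresholds, the `step_up` outcome, the clock-skew tolerance and the sample responses are assumptions constructed for the example.

```python
from datetime import datetime, timedelta, timezone

MAX_TOKEN_AGE = timedelta(minutes=2)    # reCAPTCHA tokens expire after two minutes
CLOCK_SKEW = timedelta(seconds=30)      # assumed tolerance between servers
ALLOW_AT, STEP_UP_AT = 0.7, 0.3         # assumed thresholds; tune per endpoint


def decide(verdict: dict, expected_action: str, expected_host: str,
           now: datetime) -> str:
    """Turn a parsed siteverify response into 'allow', 'step_up' or 'deny'."""
    # Anything but an explicit success (bad, expired or reused token) is denied.
    if verdict.get("success") is not True:
        return "deny"
    # The token must belong to this site and this form; otherwise a token
    # obtained on another page could be replayed against the login.
    if verdict.get("hostname") != expected_host:
        return "deny"
    if verdict.get("action") != expected_action:
        return "deny"
    # Missing, malformed or stale timestamps are treated as failures.
    try:
        issued = datetime.fromisoformat(
            str(verdict.get("challenge_ts")).replace("Z", "+00:00"))
    except ValueError:
        return "deny"
    if issued.tzinfo is None:
        return "deny"
    age = now - issued
    if age > MAX_TOKEN_AGE or age < -CLOCK_SKEW:
        return "deny"
    # The score is only a signal: high passes, unclear gets a visible
    # challenge or a second factor, low is refused.
    score = verdict.get("score")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return "step_up"
    if score >= ALLOW_AT:
        return "allow"
    return "step_up" if score >= STEP_UP_AT else "deny"


# Constructed sample response (not a real token or real traffic).
NOW = datetime(2024, 5, 1, 12, 0, 30, tzinfo=timezone.utc)
GOOD = {"success": True, "score": 0.9, "action": "login",
        "hostname": "shop.example", "challenge_ts": "2024-05-01T12:00:00Z"}

if __name__ == "__main__":
    for name, v in [("good", GOOD), ("unclear", {**GOOD, "score": 0.4}),
                    ("wrong action", {**GOOD, "action": "signup"})]:
        print(name, "->", decide(v, "login", "shop.example", NOW))
```

Checking the action, hostname and token age before looking at the score keeps a high score earned on one page from being reused against another.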

04

How cybercriminals circumvent captchas 

In practice, captcha challenges are primarily used to thwart misuse and attacks by means of credential stuffing or credential cracking. In most cases, cybercriminals target lucrative online banking or payment accounts in their attacks. Traditional captchas serve as an additional security layer here – but as a stand‑alone protective wall these challenges are less suitable. For cybercriminals and their bot armies, conventional captchas are not an insurmountable hurdle, because there are various methods to bypass their protective function:

MODERN ALGORITHMS

Modern algorithms are capable of reliably solving even complex captchas and usually perform better than human users. In the technological race, therefore, constantly improved captcha methods are required to ensure reliable protection.

TROJANS

Trojans can trick thousands of users into filling out captcha queries manually - disguised as mini-games on websites or local systems, for example.

CAPTCHA SOLVING SERVICES

Captcha solving services offer the resolution of captcha queries as a service at ridiculously low prices and even provide interfaces for further processing of the data. With these services, the captchas are answered by armies of cheap laborers in developing countries who solve the digital puzzles manually. Via API integration, captcha solving services can even be directly connected to the cybercriminals' automated attack tools.

05

How can the protection of captchas be extended?

The examples presented show that the captcha procedure alone is not sufficient for the protection of accounts and log-ins. Although many malicious bot requests can be prevented through the targeted use of captchas, webmasters cannot deter ambitious criminals with this alone.

Malicious traffic can be fended off much more effectively using bot management services, for example. The security solution clearly identifies bot requests and enables site operators to granularly control which types of machine traffic are allowed on the website and when. The precise management of traffic not only increases the protection of log-ins, but also allows for a more performant and cost-effective operation of the website. For example, desired bot requests can be moved to low-traffic times of the day to provide more power for human access at peak times.
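Added example, not part of the original article or of any Myra product: one way such a traffic policy could look in Python, including the deferral of desired bots to a low-traffic window. The traffic classes, the off-peak window and the `route` function are hypothetical; a real bot management service supplies the classification.

```python
from datetime import datetime, timedelta

# Assumed low-traffic window in local time; it may wrap past midnight.
OFF_PEAK_START, OFF_PEAK_END = 23, 5

# Assumed traffic classes, as a bot management layer might label requests.
POLICY = {
    "human": "allow",
    "wanted_bot": "off_peak_only",   # e.g. search crawlers, monitoring
    "unknown_bot": "challenge",
    "malicious_bot": "block",
}


def in_off_peak(now: datetime) -> bool:
    h = now.hour
    if OFF_PEAK_START <= OFF_PEAK_END:
        return OFF_PEAK_START <= h < OFF_PEAK_END
    return h >= OFF_PEAK_START or h < OFF_PEAK_END


def seconds_until_off_peak(now: datetime) -> int:
    start = now.replace(hour=OFF_PEAK_START, minute=0, second=0, microsecond=0)
    if start <= now:
        start += timedelta(days=1)
    return int((start - now).total_seconds())


def route(traffic_class: str, now: datetime) -> dict:
    """Return the HTTP-level decision for one classified request."""
    # Traffic without a known label is not trusted: it gets a challenge.
    action = POLICY.get(traffic_class, "challenge")
    if action == "allow":
        return {"status": 200}
    if action == "block":
        return {"status": 403}
    if action == "challenge":
        return {"status": 403, "challenge": True}
    # Desired bots are served only in the low-traffic window; at peak times
    # they are told when to come back so capacity stays with human users.
    if in_off_peak(now):
        return {"status": 200}
    return {"status": 429, "retry_after": seconds_until_off_peak(now)}


if __name__ == "__main__":
    print(route("wanted_bot", datetime(2024, 5, 1, 14, 30)))
```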

06

Captchas: What you need to know 

Traditional captchas are usually small picture and word puzzles designed to prevent automated access to websites by bots. These Turing tests are set up so that only human users can successfully pass them. However, cybercriminals have various methods at their disposal to get their malicious bots past such captcha blockers – for example using special algorithms, Trojans or captcha solving services.

For holistic control of automated access, relying on classic puzzle‑based captchas alone is therefore not sufficient. More comprehensive tools such as bot management services are required to allow granular control of bots on the company’s own websites. In combination with a modern, privacy‑first captcha solution like Myra EU CAPTCHA, this creates a multi‑layered protection concept that balances security and user experience.

About the author

Björn Greif

Senior Editor

Björn started his career as an editor at the IT news portal ZDNet in 2006. 10 years and exactly 12,693 articles later, he joined the German start-up Cliqz to campaign for more privacy and data protection on the web. It was then only a small step from data protection to IT security: Björn has been writing about the latest trends and developments in the world of cybersecurity at Myra since 2020.