January 4, 2019 —
Ryan Wilk comments on the news that the unCaptcha automated system bypassed Google’s reCAPTCHA challenges, despite major updates to the security service.
Captcha in and of itself is only one piece of the authentication puzzle. If captcha is the only security layer, once the puzzle is broken, then the bad actor has won. To effectively solve the issue of automation attacks without creating a challenging customer experience, companies will need to implement a passive layered security solution, using behavioral analytics and passive biometrics, to accurately identify if the user is a human or a machine. If the sole source of identifying and mitigating automation is a shallow captcha puzzle with no intelligence behind it, get ready for 67%+ of all automation to get past security controls with ease.
For the complete article, go here.