June 17, 2021

Exclusive: Cloudflare Wants To Kill the CAPTCHA

An anonymous reader quotes a report from ZDNet: Cloudflare is testing out the possibility of security keys replacing one of the most irritating aspects of web browsing: the CAPTCHA. CAPTCHAs are used to catch out bots that are trawling websites and are often implemented to prevent online services from being abused. “CAPTCHAs are effectively businesses putting friction in front of their users, and as anyone who has managed a high-performing online business will tell you, it’s not something you want to do unless you have no choice,” Cloudflare says.

To highlight the amount of time lost to these tests, Cloudflare said that based on calculations of an average of 32 seconds to complete a CAPTCHA, one test being performed every 10 days, and 4.6 billion internet users worldwide, roughly “500 human years [are] wasted every single day — just for us to prove our humanity.” On Thursday, Cloudflare research engineer Thibault Meunier said in a blog post that the company was “launching an experiment to end this madness” and get rid of CAPTCHAs completely. The means to do so? Using security keys as a way to prove we are human.

According to Meunier, Cloudflare is going to start with trusted security keys — such as the YubiKey range, HyperFIDO keys, and Thetis FIDO U2F keys — and use these physical authentication devices as a “cryptographic attestation of personhood.” This is how it works: A user is challenged on a website, the user clicks a button along the lines of “I am human,” and is then prompted to use a security device to prove themselves. A hardware security key is then plugged into their PC or tapped on a mobile device to provide a signature — using wireless NFC in the latter example — and a cryptographic attestation is then sent to the challenging website. Cloudflare says the test takes no more than three clicks and an average of five seconds — potentially a vast improvement on the CAPTCHA’s average of 32 seconds. You can access cloudflarechallenge.com to try out the system.
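The challenge-and-signature flow described above, as an added sketch that is not from the ZDNet report or Cloudflare's code. It is a simplified model in which the site trusts a set of manufacturer attestation keys; the vendor names, origin, message layout and function names are constructed, and the real WebAuthn formats are not reproduced.

```javascript
// Added illustration: simplified model of "attestation of personhood".
// Assumptions: vendor names, origin and the "origin|challenge" message are constructed.
const crypto = require('crypto');

// Constructed stand-ins for manufacturer attestation key pairs.
const vendorA = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const unknownVendor = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });

// Server side: attestation public keys of the manufacturers the site trusts.
const trustedAttestationKeys = new Map([['vendor-a', vendorA.publicKey]]);
const pendingChallenges = new Set();

// Server side: issue a random, single-use challenge.
function issueChallenge() {
  const challenge = crypto.randomBytes(32).toString('hex');
  pendingChallenges.add(challenge);
  return challenge;
}

// Device side: after the user touches the key, it signs origin + challenge.
function keySign(privateKey, vendor, challenge, origin) {
  const data = Buffer.from(`${origin}|${challenge}`);
  return { vendor, challenge, origin, signature: crypto.sign('sha256', data, privateKey) };
}

// Server side: accept only a fresh challenge, the expected origin,
// and a signature that verifies under a trusted manufacturer key.
function verifyAttestation(att, expectedOrigin) {
  // delete() consumes the challenge, so a captured response cannot be replayed.
  if (!pendingChallenges.delete(att.challenge)) return 'unknown-or-replayed-challenge';
  if (att.origin !== expectedOrigin) return 'wrong-origin';
  const pub = trustedAttestationKeys.get(att.vendor);
  if (!pub) return 'untrusted-vendor';
  const data = Buffer.from(`${att.origin}|${att.challenge}`);
  return crypto.verify('sha256', data, pub, att.signature) ? 'ok' : 'bad-signature';
}

// Demo: the same response is accepted once, then rejected as a replay.
const demo = keySign(vendorA.privateKey, 'vendor-a', issueChallenge(), 'https://site.example');
console.log(verifyAttestation(demo, 'https://site.example'));
console.log(verifyAttestation(demo, 'https://site.example'));
```

The signature here shows only that a key from a trusted manufacturer answered a fresh challenge; it carries no user identity.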

