FB pixel

Cloudflare launches cryptographic humanity authentication test to eliminate CAPTCHAs

Categories Access Control  |  Biometrics News

cybersecurity online authentication

Making people complete CAPTCHAs to prove they are not bots wastes 32 seconds, on average, and could be costing years’ worth of combined productivity from internet users each day, according to a new blog post from Cloudflare . In response to this previously little-discussed issue, Cloudflare will treat trusted USB tokens, like YubiKeys, as cryptographic attestation of humanity.

The attestation can be performed by a range of hardware authenticators that are compliant with the FIDO protocol, such as with smartphones through NFC. Device manufacturers must be part of the FIDO Alliance for the device to be trusted by Cloudflare.

The term CAPTCHA, for ‘Completely Automated Public Turing test to tell Computers and Humans Apart,’ has been in use since 2003, but the WebAuthn standard enables Cryptographic Attestation of Personhood with public key cryptography.

This method allows people to avoid CAPTCHAs without risking their personal data privacy and security, according to the post.

Cloudflare can collect a unique ID associated with the individual’s key, and identify the manufacturer of the device, but not gather other digital ID or personal information, such as biometric data collected by some Yubico tokens and smartphones, which remains on the device.

Yubico launched fingerprint biometric hardware security keys in late-2020.

“Driving open authentication standards like WebAuthn has long been at the heart of Yubico’s mission to deliver powerful security with a delightful user experience,” says Christopher Harrell, chief technology officer at Yubico. “By offering a CAPTCHA alternative via a single touch backed by YubiKey hardware and public key cryptography, Cloudflare’s Cryptographic Attestation of Personhood experiment could help further reduce the cognitive load placed on users as they interact with sites under strain or attack. I hope this experiment will enable people to accomplish their goals with minimal friction and strong privacy, and that the results will show it is worthwhile for other sites to consider using hardware security for more than just authentication.”

The privacy protection of the approach is imperfect, according to Cloudflare, but the company needs to confirm the hardware security keys have not been tampered with by checking the certificate, which reveals the device manufacturer to Cloudflare. Through zero-knowledge proofs, the company believes it may be able to avoid collecting this information in the future.

Cloudflare will consider adding support for other authenticators in the future, depending on the results of its experiment with USB and NFC security keys.

Article Topics

 |   |   |   |   |   |   |   |   |   | 

Latest Biometrics News


New FaceTec CLO among avalanche of appointments in biometrics and fraud protection

New executives have been named by biometrics providers FaceTec, Pindrop and Fingerprint Cards, along with C-level appointments by Prove and…


Indonesia issues call for World Bank-backed digital identification project

Indonesia is looking for a company providing consulting services as a part of its upcoming digital transformation project backed by…


Affinidi data sharing framework leverages privacy-preserving open standards

Affinidi, a company specializing in data and identity management, unveiled the Affinidi Iota framework at the WeAreDevelopers World Congress. This…


Sri Lanka set for January biometric passport launch, plans airport upgrades

Sri Lanka is preparing to begin issuing biometric passports with electronic chips embedded as of January, 2025, according to a…


Vending machines with biometric age verification roll out in Germany, US

Vending machines are growing in popularity as a way to sell age-restricted products around the world, with Diebold Nixdorf algorithms…


San Francisco police hit with lawsuit over facial recognition use

In 2019, San Francisco became the first city in the U.S. to ban facial recognition technology, forcing the police and…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events