Cloudflare To End CAPTCHA Madness With Trusted USB Keys
Cloudflare, an American web infrastructure and website security company that provides content delivery network services, wants to replace the “madness” of CAPTCHAs across the web with an entirely new system.
According to Cloudflare, it takes a user on average 32 seconds to complete a CAPTCHA challenge.
In a blog post today, Cloudflare says “Today, we are launching an experiment to end this madness. We want to get rid of CAPTCHAs completely. The idea is rather simple: a real human should be able to touch or look at their device to prove they are human, without revealing their identity. We want you to be able to prove that you are human without revealing which human you are! You may ask if this is even possible? And the answer is: Yes! We’re starting with trusted USB keys (like YubiKey) that have been around for a while, but increasingly phones and computers come equipped with this ability by default.”
Here is the company’s “elevator pitch” of what’s going on behind the scenes to establish that you’re a human via its new method:
The short version is that your device has an embedded secure module containing a unique secret sealed by your manufacturer. The security module is capable of proving it owns such a secret without revealing it. Cloudflare asks you for proof and checks that your manufacturer is legitimate.
Cloudflare says this is only an experiment right now, available “on a limited basis in English-speaking regions.” And in its current state, it only works with a limited set of hardware: YubiKeys, HyperFIDO keys, and Thetis FIDO U2F keys.