Stuck in CAPTCHA Hell: When Security Disables
It was just after 5 AM on a workday. I had my coffee, and I needed to quickly check my work email for status on a problem. Glancing through the list of new items, I was intrigued by an unexpected message from a LinkedIn group member who I respect. I wanted to leave a comment, so I clicked on the link.
But as I tried to log on to my LinkedIn account, a CAPTCHA popped up questioning my credentials.
“Darn, I hate when this happens,” I thought. “No worries, I’ve been through this security checkpoint before.”
I typed in the two different words with the fuzzy characters. “Is there a space between these or not?” Nope – got it wrong.
I got my glasses out and looked closer this time. Fortunately, you get to choose new images, if you think the one in front of you looks too weird. I hit the “refresh” button. Again, again and again. Finally, I liked about the fifth option. I typed in the two words. No dice.
I was mad at myself. “Wake up Lohrmann ….”
Take 3 & 4
I tried again. Calmly, I liked the first image this time. I carefully typed each word, slowly and deliberately. INCORRECT! …. What?
I got up, walked into the kitchen and got another cup of coffee. I came back three minutes later and stared at the screen. Now I was getting a bit annoyed. I went through the “refresh” choice about six more times. OK, I can get this one right. I checked the “Caps Lock,” but it was NOT on.
I thought to myself, “I will try to type as if I’m acting in a kid’s play in slowwwww motion.” Here we go - I typed in each letter, one by one, very methodically. I went very, very, very slowly, making sure that each letter placed into the computer was exactly the way that I saw them on the screen. When I hit return, nope.
Now, I could hear the computer program talking to me: “Are you really Dan Lohrmann? I don’t think you are. In fact, I’m going to make the task of logging in even more difficult for you, because I don’t trust you. You’re probably a bad-guy hacker. You are an imposter!”
I tried all kinds of other options. I launched another browser session and tried logging on by just going to LinkedIn directly. I used my trusted helpful “Protection Suite” with my logon passwords kept safe by a famous vendor. I tried, you know, everything I could think of - etc, etc, etc. But I kept getting that stupid captcha bottleneck.
I started questioning what was going on: “Was this sad situation because I was logging in at an unexpected hour and they weren’t going to let me onto the website until after 6 AM? Did I surprise them and fail the profile with my too-early activity? Is this like my credit card number showing up in China?”
This “incident” was now escalating in my mind. “Let’s activate the command center – just kidding.” But I was getting really, really annoyed. My thoughts were far from supportive of the security industry at this point.
“Who created this stupid CAPTCHA-thing anyway? I looked it up. I’ll send him a letter. Why are the images getting more and more difficult over the years? Why are there different fonts with all these crazy lines running through them that could be letters or just distractions? I think a computer program could figure this out easier than me – or maybe not.”
I closed my eyes and pondered. Maybe this was a business opportunity? I did some Google searches. My mind raced: “Are there CAPTCHA alternatives? I really like LinkedIn, but how about a frequent flyer line for “online travelers” who are trusted? Can I sign up for some different authentication scheme? What about….”
OK – back to the task at hand. This rabbit trail is getting really bothersome, but “I WILL NOT BE DEFEATED! I WILL OVERCOME THE SECURITY OBSTACLES PLACED BEFORE ME at 5:15 AM!”
Wait It Out
You can stop the video and fast-forward at this point. The sad truth is that this process (and associated negative thoughts) went on and on for about another 20 minutes. Yes, I was a glutton for punishment, and I don’t really know why. Still, I never successfully logged onto LinkedIn during that hour. My morning was unofficially a mess.
I turned off my computer. Read a book, worked out, took a shower and ate breakfast. After more than an hour, I calmly approached my PC, turned it on and tried LinkedIn again.
It worked! Oh yeah … No CAPTCHA, no waiting, no delay – I was in. I was set free!! Released from CAPTCHA hell! CELEBRATION! Yes, I started singing in my head: “Celebrate good times come-on…”
That night after work, I looked back and laughed at myself. All that for trying to leave a helpful comment? I thought about the crazy sequence of events. “Could I ever have dreamed of this happening twenty years ago? I wanted justice. But this is a free service. OK, we’re in the 21st century … I’ll write a blog … I’ll rant. I’ll try to make lemonade out of this lemon. There must be others who’ve experienced the same things. Perhaps this happened for a good reason?”
Getting more personal in my organizational psychotherapy: “Do my customers see our government security services in the same way sometimes? Is this another example of security as a disabler?” This was a reminder to me (and us) to walk a mile in their shoes. Eat our own virtual dog food. Admit failures. Move or remove cyber barriers to getting things done, if possible.
I’m sure there is another side to this story. No doubt, CAPTCHA security works in most cases. If I let LinkedIn executives explain, they might tell me how I messed up. But that’s probably not worth the effort. (Unless they want to respond to this blog….) Nevertheless, I don’t think I’ll ever forget my morning in unexpected social networking logon misery.
Thoughts or stories? Ever been in CAPTCHA hell?