The announcement was made on Friday by Vinay Shet, Product Manager for reCAPTCHA, who shared that they have been performing "extensive research and making steady improvements to learn how to better protect users from attackers" and that the tool is now "more adaptive and better-equipped to distinguish legitimate users from automated software."
Understandably, he didn't go into much detail about the changes.
"The updated system uses advanced risk analysis techniques, actively considering the user’s entire engagement with the CAPTCHA—before, during and after they interact with it. That means that today the distorted letters serve less as a test of humanity and more as a medium of engagement to elicit a broad range of cues that characterize humans and bots," he simply stated, adding that there are now different classes of CAPTCHAs for different kinds of users.
What does this change mean for Google users?
It means that if the system is reasonably sure that the user is legitimate and human, it will serve a type of reCAPTCHA that has proven to be significantly easier for them to solve than those containing arbitrary text - and that is numeric CAPTCHA:
Suspected bots will, on the other hand, never be faced with numeric CAPTCHA, and will be tested with CAPTCHAs that are specifically designed to sniff them out. Again, Shet naturally didn't disclose what these types of CAPTCHAs include and look like.
Finally, he announced more improvements in the incoming months, adding that they have made "significant advancements to reCAPTCHA technology".
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.