In today's digital world, robust authentication mechanisms are an absolute necessity. With the increase in cybercrime, it is essential to protect personal and sensitive information. As stated in the last OWASP 2023 Top 10 Vulnerabilities report, authentication mechanisms are the first line of defence against unauthorized access to online accounts. Furthermore, the new ISO 27001:2022 certification standard dedicates specific controls and clauses to ensure secure authentication procedures.
A robust authentication mechanism is the key to unlocking a great number of self-services. For example, making financial operations, changing insurance policy details or consulting medical test results are operations that individuals can perform online if they pass a strong authentication screening.
However, there are situations where robust authentication mechanisms are not possible. This is the case of quote&buy journeys, where customers are not registered and identified apriori, but also when agents and advisers are about to request some actions on behalf of their clients.
In such cases, the list of self-serve services experiments a physiological reduction because some critical actions won’t be accessible to an unidentified user. Reducing the risk of robots and Denial of Services attacks is also important by using additional security measures like CAPTCHA codes and other techniques.
CAPTCHAs, in particular, are a popular security measure used to prevent automated attacks by requiring users to prove they are human and they nicely fit conversational interfaces. A handy-style text over a noisy background is generated and displayed to the user as an image. Automated Optical Character Recognition (OCR) detectors won’t be able to easily guess the keyword by reading the image.
The main three requirements for a good CAPTCHA code generator are:
