img.jpg

CAPTCHA systems are eye roll-inducing, and often unreadable, strings of text a user must enter to prove that they aren’t malware or an automated script. Three Australian game developers banded together to reinvent the challenge response systems the best way they know how: through video games.

The team currently has two rudimentary games implemented with their system called FunCaptcha. In one, the user is tasked with turning an image the right way up, which is “a good example of what humans find naturally easy, and computers difficult,” according to veteran game developer and FunCaptcha co-creator Matthew Ford. The other game is based on picking out the face of one gender from a selection of the other gender.

The team has several other game ideas in development, most of which they couldn’t share at this stage, but they were able to share one example.

“It involved steering a ship through a classic arcade scrolling background, like R-Type,” Ford said. “I think gamers will like that one a lot, but we would not put it into the default rotation. That’s OK though — soon there will be settings that allow you to pick which game appears on your site when you install FunCaptcha. So a gaming site will be able to pick the more “gamey” choices to suit their audience.”

The example was tested out on non-gamers who found it too puzzling; however, they believe it will be great to use on game oriented sites. Ford said the extra challenge posed to users is to do the mini games as fast as possible to “make it a little time-challenge puzzle” and earn points. Eventually, companies will be able to implement their own reward systems.

“The faster you solve it, you get more stars,” Ford said. “For now, the stars are a bit of feedback, which is inherently fun. We all like to accomplish things. The stars get stored and are persistent. Eventually there will be a little reward or loyalty scheme based around them that kicks in when you get enough stars. For example a special offer to buy something online. That’s a little vague because we have not gotten that far yet!”

Storyboard_of_fc_solved

Michael McKinnon, a security advisor at AVG tells Games4Life that the concept of user-friendly CAPTCHA (which stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”) is not new, appearing in different forms over the years.

“Some have been as simple as a ‘1 + 1 equals?’ math question, while others have been far more complicated,” McKinnon said, who pointed out that in 2004, Bill Gates said that he believed all Spam email could be stopped if the senders of email had to respond to CAPTCHA-like brainteasers. “But not much has changed since and many industry pundits agree there is no immediate answer that is so simple to stop spam.”

“The challenge in securing a CAPTCHA that discourages even the most determined adversary is to ensure that the ‘solution to the problem’ is never divulged in the question being asked of the user,” McKinnon explained. “Such that the answer must be transmitted to the CAPTCHA provider for proper server-side verification. This approach eliminates the potential tampering of the process.”

Ford believes that their system even won’t be cracked by spammers when their system becomes widespread.

“I’m happy to explain why to anyone who writes me,” Ford said. “That’s a lot more than other CAPTCHA alternatives can back up. We’ve had experts tell us we are miles ahead of those alternatives when it comes to security.”

“We’ve had experts tell us we are miles ahead of those alternatives when it comes to security.”

While McKinnon acknowledged that they may have a security good track record so far, he said that this currently may be a “reflection on the small number of determined adversaries,” rather than the technology itself.

“In the FunCaptcha examples that I have observed they use JavaScript that is executed in the browser, the code of which appears to provide some potential clues to a determined hacker that may be used to subvert this process,” McKinnon said. “As with any new technology implementation such as this which may gain popularity on the back of being easier to use, longer term it may well attract hackers who will just as easily prove it to be less secure in contrast.”

Ford explained he came to the FunCaptcha idea from an accumulation of experience during his professional career — from arcades to casual game design — which he was able to apply to the new system.

“As a game dev from way back, I’ve always really loved working on projects that require very high usability and intuitive control,” he said. “I did a lot of usability testing and iterated our games many, many times to make them so literally everyone I showed it to would solve it — regardless of their age, experience with games, speed of their reflexes, or anything.

“I have a lot of thanks to give to the casual game revolution to give designers lots of ways to think about super easy usability, and for paving the way so lots of people who see FunCaptcha are interested in it because it reminds them of a game,” he continued.

Ford has been in game development for more than 20 years, beginning at Atari through to Microsoft. At Microsoft he worked on projects such as Asheron’s Call 1 and 2, and on the multiplayer gaming component of the original Xbox project. It was later on, while teaching the game degree at the Queensland University of Technology where he met Kevin Gosschalk, the programmer of FunCaptcha.

With a background in mobile game development, Gosschalk and Ford together made a licensed educational game suite for schools.The duo later thought up the idea for FunCaptcha which they then prototyped with Chris Macaulay on a “startup weekend” competition in Brisbane. Macaulay, who founded and ran a skateboard company, bolsters the team with his marketing, startup building and general business experience.

Currently more than 4,000 sites, including several gaming sites and guild sites, have FunCaptcha enabled, according to Ford. It’s a nice way to say to your players, “We are so into games even our freaking CAPTCHA is a game!”

About The Author

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Close