CAPTCHAs suck. Every time you see a CAPTCHA (no, not you, AI crawler), the security tools pushing them have failed to accurately identify whether you’re a bot. Worse, they delay or even prevent you from checking the latest flight prices, downloading the latest release, or making that big purchase. In fact, Stanford research found way back in 2010 that CAPTCHAs can reduce conversions by up to 40%, and that number likely hasn’t gotten much better since. For us, they’re annoying, but for businesses, CAPTCHAs directly impact the bottom line.
I’m sure you’re not new to the CAPTCHAs, at this point, everyone has likely faced the uncomfortable truth that we can’t always tell the difference between a blurry o/0 or find all the sketchy red lights in nine tiny pictures. But the frustration and disruption of interactive CAPTCHA challenges can easily be replaced with non-interactive ones. While this would positively impact the business’s bottom line, here’s the current situation and why some haven’t bought in.
Balancing user experience and security
With most bot management vendors, organizations must pick between two broad choices for validating the legitimacy of traffic:
Non-interactive challenges: Invisible to users, but bots can often crack them.
Interactive challenges (aka CAPTCHAs): Tougher for bots, but they make users want to throw their keyboards out the window.
Unfortunately for end users, when forced to choose between these two options, many organizations prioritize their security over disruption. While there’s an argument to be made for pushing them to non-interactive challenges, we asked ourselves what a better solution would look like and are excited to introduce you to Dynamic Challenges.
The future of bot management
Our end users deserve better, and it’s time we ended CAPTCHA for them. Dynamic Challenges is one of our latest Fastly Bot Management features that intelligently adjusts protection based on real-time analysis of incoming traffic. It automatically serves the optimal challenge based on traffic characteristics – giving those who appear to be legitimate non-interactive challenges and the bots interactive ones. Best of all, Dynamic Challenges is fully integrated with Private Access Tokens (PATs), so anyone it validates won’t get any challenge at all. Dynamic Challenges removes the forced imbalance and delivers the optimal solution for end users and the malicious bots we’re fighting.
Dynamic Challenges in action
Dynamic Challenges work within Fastly Bot Management’s intuitive rule builder; simply choose when you’d like to engage them. Let’s imagine that your login page is showing increased traffic from bots trying to brute-force accounts and scrape customer data, we can quickly spin up a rule targeting our login path so everyone who hits it is analyzed by Dynamic Challenges.
Dynamic Challenges automatically take into account all of the requestor’s characteristics (including client-side) and automatically serves a PAT, non-interactive browser challenge, or interactive challenge if we’re confident the request came from a bot. The result is happier end users and a computationally expensive experience for bots that may ultimately drive them away.
With this single rule that took seconds to make, we streamline our bot protection efforts without compromising the normal end-user’s login experience. It’s the best of all worlds and something Fasty is uniquely set up to offer.
Bring an end to CAPTCHAs for real users
Dynamic Challenges is one exciting feature of many found in Fastly Bot Management. It is part of our recent Bot Management update that also brings enhanced client-side detection and compromised-credential checking capabilities. All of this makes it even easier to separate the bots from your legitimate traffic so you can effectively protect your applications and APIs without impacting end users. You no longer need to choose between enhanced security via CAPTCHA or enhanced end-user experience via non-interactive challenges; Fastly will strike the perfect balance for you. Contact us to end CAPTCHA for your end users.
