Signing in to a service

Prevent automated sign-ins with behaviour analysis

A CAPTCHA example with image recognition.

Description

Stop automated access (by bots) by analysing data about interaction behaviour. It is also known as CAPTCHA, Completely Automated Public Turing test to tell Computers and Humans Apart.

An example of this could be analysing someone’s mouse movements or typing patterns to check they aren’t automated.
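The typing-pattern check described above, as an added example that is not part of the original pattern page or any vendor's implementation: a function that scores the gaps between keystrokes and flags input that is too regular or too fast for a person. The function name, thresholds and sample timings are assumptions chosen for illustration, and only timestamps are collected, never the keys typed.

```javascript
// Added example: names and thresholds are illustrative assumptions, not tuned values.
const MIN_EVENTS = 8;     // below this there is too little signal to judge
const MIN_CV = 0.15;      // people rarely type with near-constant spacing
const MIN_MEAN_MS = 25;   // sustained gaps under 25 ms are faster than a person types

// Takes keydown timestamps in milliseconds (no key values) and returns a verdict.
function scoreTypingCadence(timestampsMs) {
  if (!Array.isArray(timestampsMs) || timestampsMs.length < MIN_EVENTS) {
    return { verdict: "insufficient-data", mean: null, cv: null };
  }
  const gaps = [];
  for (let i = 1; i < timestampsMs.length; i++) {
    const gap = timestampsMs[i] - timestampsMs[i - 1];
    if (!Number.isFinite(gap) || gap < 0) {
      // Non-numeric or backwards timings cannot come from a real event stream.
      return { verdict: "suspect", mean: null, cv: null, reason: "malformed-timings" };
    }
    gaps.push(gap);
  }
  const mean = gaps.reduce((a, b) => a + b, 0) / gaps.length;
  const variance = gaps.reduce((a, g) => a + (g - mean) ** 2, 0) / gaps.length;
  // Coefficient of variation: spread of the gaps relative to their average.
  const cv = mean === 0 ? 0 : Math.sqrt(variance) / mean;
  if (mean < MIN_MEAN_MS) return { verdict: "suspect", mean, cv, reason: "too-fast" };
  if (cv < MIN_CV) return { verdict: "suspect", mean, cv, reason: "too-regular" };
  return { verdict: "likely-human", mean, cv };
}

// Constructed samples: a script typing every 50 ms, and a person with uneven gaps.
const scripted = [0, 50, 100, 150, 200, 250, 300, 350, 400];
const human = [0, 180, 290, 520, 610, 900, 1010, 1340, 1460];
console.log(scoreTypingCadence(scripted));
console.log(scoreTypingCadence(human));
```

A "suspect" verdict is a signal to combine with others or to trigger a fallback check, not a reason to block on its own, because assistive technology, password managers and paste can all produce machine-like timing.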

IF thinks that preventing automated sign-ins will become more difficult but also more critical as machine learning algorithms improve. This pattern removes the burden on people to verify they’re human, but requires continuous data collection and monitoring. You should consider the risk of automated sign-ins alongside the impact of continuous data collection, in context. It might not work if people use privacy-preserving features such as incognito mode. Alternatively, other patterns could be used to prevent automated sign-ins, such as multi-factor authentication using text message or biometric authentication.

Read more: The inaccessibilities of CAPTCHA.

Advantages

  • Reduces the impact of automated access to systems, such as denial of service, spam or fake users
  • Behavioural analysis causes less friction than asking people to complete challenges

Limitations

Examples

  • Google reCAPTCHA

    Uses risk-based analysis to detect abusive traffic on websites

  • hCAPTCHA

    An alternative to reCAPTCHA that also provides data labelling services for training data sets