The use of captcha is very widespread on the web, those sections that identify a human being behind a form to ensure that it is not a bot filling in thousands of data per minute. It is useful, but not very practical, we all hate putting the numbers and letters of the captchas, especially if we make a mistake the first time.
The point is that Cloudflare believes there is another alternative, another way to prove that we are human just by using the system, the “Cryptographic Personality Attestation.”
Right now, it only supports a limited number of USB dongles such as YubiKeys, but you can test the Cloudflare system yourself right now on the company’s website, something that can already be tested at cloudflarechallenge.com.
Describes it on his blog. We just have to click on the “I am a human” button and follow some instructions to select the security key, then touch it and then allow the site to access properly.
He describes it like this:
The short version is that your device has a built-in secure module that contains an exclusive secret sealed by its manufacturer. The security module is able to demonstrate that it has such a secret without revealing it. Cloudflare asks you for proof and verifies that your manufacturer is legitimate.
At the moment this is only an experiment available “to a limited extent in English-speaking regions.” Cloudflare promises that it will “look to add other authenticators as soon as possible,” but has not given dates or details of how the process will take place.
Cloudflare suggests the possibility of connecting a phone to the PC to pass a wireless signature using NFC. IPhones and Android phones could be treated as physical security keys if Google and Apple joined the Cloudflare approach, but that’s all futurology.
We will closely follow this advance.