Including CAPTCHA in Authentication
Mobile applications often require users to authenticate themselves. This verification is vital because the app may contain confidential data, and a person with malicious intent could use that data to exploit its legitimate owner. The most common authentication mechanism is a username and a password: users must provide valid credentials to gain access. This measure may not be adequate on its own, though, because many automation tools are available that can help breach this barrier. An example makes the scenario clearer.
A mobile application has an authentication mechanism that asks users to enter a username and password. An attacker wants to gain access to the app. He writes a program that enters all the input combinations one after another, avoiding manual work that would take a lot of time and effort. The application grants access upon a valid input, because it has no mechanism to verify that a person is entering the credentials.
The solution is a mechanism that can verify that a human being is entering the credentials. A CAPTCHA is generally a visual or an audio challenge that is displayed on screen or played through the speakers. Users have to see or hear it and enter the same, along with the credentials. A program capable of formulating and entering credentials won't be able to fill in the CAPTCHA details.
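One way the server side of this check could look, as an added example that is not part of the original article: the login handler rejects any attempt without a correct, unexpired, single-use CAPTCHA answer before it evaluates the password. The names `issue_challenge`, `login`, `USERS` and `CHALLENGE_TTL`, the 120-second lifetime and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 120  # seconds a challenge stays valid (assumed value)

# Constructed sample account store: username -> (salt, PBKDF2 hash)
_salt = secrets.token_bytes(16)
USERS = {"alice": (_salt, hashlib.pbkdf2_hmac("sha256", b"correct horse", _salt, 100_000))}
_DUMMY = (_salt, bytes(32))  # unknown users are hashed against this, so they cost the same time

_challenges = {}  # challenge id -> (expected answer, expiry); kept server-side only


def issue_challenge(answer, now=None):
    """Remember the expected answer and return an opaque id for the client.
    Rendering `answer` as an image or audio clip is outside this sketch."""
    now = time.time() if now is None else now
    cid = secrets.token_urlsafe(16)
    _challenges[cid] = (answer, now + CHALLENGE_TTL)
    return cid


def _captcha_ok(cid, response, now):
    # pop() makes every challenge single-use, whether the answer is right or wrong,
    # so a solved challenge cannot be replayed across many password guesses
    entry = _challenges.pop(cid, None)
    if entry is None:
        return False
    answer, expires = entry
    if now > expires:
        return False
    return hmac.compare_digest(answer.encode(), response.encode())


def login(username, password, cid, response, now=None):
    """Return 'ok', 'captcha_failed' or 'bad_credentials'."""
    now = time.time() if now is None else now
    # The CAPTCHA is checked first: a client that cannot answer it never
    # reaches the credential check, valid password or not
    if not _captcha_ok(cid, response, now):
        return "captcha_failed"
    salt, stored = USERS.get(username, _DUMMY)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return "ok" if hmac.compare_digest(candidate, stored) else "bad_credentials"
```

The expected answer never leaves the server; the mobile client only receives the challenge id and the rendered image or sound.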