close icon

Introducing Auth0 CRAPTCHAs!

Easily maximize user friction to protect your applications with our improvement on the CAPTCHA™: The CRAPTCHA!

April 01, 2021

TL;DR: Auth0 announces the release of auth0-craptcha. CRAPTCHAs are a creative improvement on CAPTCHAs that make proving you’re not a bot more fun (or more annoying) — and just in time for the first day of April!

For years, the CAPTCHA™ — which is an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart” — has been one of the most effective and widely-used tools to differentiate between actual human users and bots:


Just as the resistance movement in the Terminator movies used dogs to tell the difference between humans and evil machines in disguise, we’ve all relied on CAPTCHAs to sort actual users from bots.

One of the problems with traditional CAPTCHAs is that they assume that certain puzzles can only be solved by humans. In the age of data science and the current artificial intelligence renaissance, this assumption is becoming increasingly wrong. Between the growing power of machine learning algorithms and the fact that we’ve been stuck at home due to the pandemic, computers have become much better at picking out pictures that contain buses than we are.

Another problem is that CAPTCHAs aren’t annoying enough. Let’s face it, a year of being stuck at home has made bored users more patient. They’re now more willing to solve CAPTCHA puzzles in order to log in.

We are a leader in authentication and authorization, and we want to add aggravation to our repertoire. We’re proud to announce the next generation of “Are you human or not?” tools. We give you: The CRAPTCHA. That’s short for “Complex Redundant Auth0 Problem To Confound Human Access”.

With CRAPTCHAs, users are challenged to prove that they’re not robots by performing truly human activities. They’re also discouraged from logging in, which makes your system more secure!

Let’s take a look at our CRAPTCHA catalog. As you review them, think about how much more secure your site or application will be once you’ve incorporated them.

CRAPTCHA #1: Play the Piano


A popular regret among adults is that they never learned to play the piano. There are also many musicians who “play by ear” and wish that they’d learned to sight-read music. This CRAPTCHA capitalizes on both these regrets and will keep out bots and humans who quit their piano lessons!

🎹 Try out the Piano CRAPTCHA for yourself!

CRAPTCHA #2: Shoot Some Ducks


This CRAPTCHA forces the user to play the classic videogame Duck Hunt for some amount of time before being granted access to the system or service. There’s nothing that user love more than an unskippable, mandatory interruption prior to using an application!

No animals were harmed in the making of this CAPTCHA. We can’t guarantee that users won’t be harmed by it, though.

🦆 Try out the Duck Hunt CRAPTCHA for yourself!

Credit goes to Matthew Surabian for his amazing JavaScript implementation of Duck Hunt.

CRAPTCHA #3: Scratch and Win to Get In!

Scratch and win CRAPTCHA

Someone once called lotteries “a way to tax optimists”, and this lottery-themed CRAPTCHA is a way to tax your users’ patience! In order to access a system or service, users have to scratch 3 boxes before they can proceed. Access to your application is the ultimate prize and it’s definitely worth filtering out unlucky users.

💰 Try out the Scratch and Win CRAPTCHA for yourself!

CRAPTCHA #4: Beat the Crooked Dealer at Blackjack

Blackjack CRAPTCHA

Why leave your user experience to chance, when you can leave it to skill and chance? Your users — if you still have any at this point — will have to play a rigged game of blackjack and win twice in order to gain access.

🃏 Try out the Rigged Blackjack CRAPTCHA for yourself!

Security Through Absurdity

Think about it: what’s more secure than a system that’s too aggravating to get into? That’s the power and promise of Auth0’s new CRAPTCHAs. Our CRAPTCHAs will filter out the bots, and have users simply choose not to log into your applications out of sheer frustration. Not only will your systems be more secure, but they’ll also experience greatly reduced server load and support issues, thanks to fewer users. That’s the power of security through absurdity.

But Seriously...

We hope you got a laugh out of our April Fool's Day joke! While it may be tempting to make CAPTCHAs harder to get through, there are actually better ways to implement bot detection using real Auth0 products.

Want to actually protect your application with minimal user friction? Are you one of those people who actually like having users?

Protect your application with Auth0’s bot detection. It’s part of our suite of attack protection feature set. With Auth0, you can choose to present CAPTCHAs only when the login attempt displays suspicious behavior or characteristics. It’s security and usability!

CAPTCHA™ is a trademark of Interactiv Corporation.

  • Twitter icon
  • LinkedIn icon
  • Faceboook icon