joined:Apr 1, 2016
Great Journalism on the part of Vice [insert sarcasm].
The article amounts to a statement equivalent to "I can pick a lock 66% of the time" There is no mention of what type of lock or how long it took pick it. At the end of the article is does mention the unCaptcha algo that claims to be able to defeat reCaptcha. When you dig deeper into the link provided you see that it can defeat it 81% of the time in 5.4 seconds using the audio.
We have evaluated unCaptcha using over 450 reCaptcha challenges from live websites, and showed that it can solve them with 85.15% accuracy in 5.42 seconds, on average: less time than it takes to even play the audio challenge!
The purpose of a Captcha is to slow a bot down. Bot's can be easily programmed to stop and get human intervention when faced with a Captcha. So the Captcha is by no means a perfect defense against bots. In fact there are services that allow hackers to get people in India solve Captcha for their bots. So Captchas were never intended as a perfect means of stoping bots. They are generally use in situations where you want to prevent bots from quickly repeating some task, such as leaving millions of spam comments, or brute force attacking a username and password log in.
So now lets review:
5.42 seconds + less time than it takes to even play the audio challenge! (note the exclamation point...) so total time say 11 seconds.
24 * 60 * 60 (second in a day) / 11 * 0.81 ~= 63000 attempts.
A 6 letter password (no special characters or numbers) has 1 / 300 M probability. (26**6)
So at a rate of 66000 attempts a day it would take in the order of 4800 days to crack the password on average.
And one more point, there is no mention about resources needed. How much computing power and electricity is this going to cost an attacker.
In conclusion I think Captchas are not yet obsolete.