CAPTCHAs (short for Completely Automated Public Turing test to tell Computers and Humans Apart) help to prevent the creation of fake accounts, content scraping and other malicious activity. They\u2019re designed to verify users\u2019 humanity, not their identities. But much like authentication, CAPTCHA systems have struggled to maintain an acceptable balance between security and user experience.User experience has deteriorated over CAPTCHA\u2019s 21-year history. They were fine in the beginning when it was easy enough to read their skewed characters. But the stakes have continued to rise with the willingness of attackers to invest in resources to defeat the defenses. As the character obfuscation has become more pronounced, the experience for the end user has degraded in parallel. It\u2019s almost an Internet meme in itself: users squinting at their screens or asking for new images multiple times. It's the exact opposite of what an authentication experience should be for a good user. Frustration kills excitement.The sacrifice to user experience has not yielded tighter securityEven as CAPTCHA tests have become more challenging and frustrating for humans, their efficacy has stagnated. Researchers at Google and Stanford described an algorithm that used machine learning to decipher distorted CAPTCHA text. The researchers reported that they \u201cwere able to solve all the real world CAPTCHA schemes [they] evaluated accurately enough to consider the [CAPTCHA] scheme insecure in practice.\u201d Since then, advances in artificial intelligence continue to make computers better at identifying images, a successor to character obfuscation. Bad actors also can circumvent the \u201cAre you a bot?\u201d question and its underlying behavioral assessment by using programs that enlist workers on Mechanical Turk or similar platforms.Ineffective CAPTCHAs weaken authentication when designers rely on them to prevent automated attacks on login pages. As a result, it can be relatively inexpensive to develop massive networks of fake social media accounts, like those used to influence the 2016 U.S. election.Fortunately, new techniques offer more user-friendly ways to identify robots and humans alike. According to Google, its latest version of reCAPTCHA, \u201cuses advanced risk analysis techniques, considering the user\u2019s entire engagement with the CAPTCHA, and evaluates a broad range of cues that distinguish humans from bots.\u201d This includes inputs like mouse movements, speed, clicks and pauses where human behavior varies significantly from that of machines. In many cases, users can simply check a box. In others, they\u2019re asked to identify images that contain a specific object. reCAPTCHA scrutinizes the user\u2019s actions throughout this process and generates a score that website owners can use to grant access or, if the system suspects a bot, require additional actions. The tool provides a customizable way to filter scrapers, activate step-up authentication for suspicious logins, or identify risky e-commerce transactions.When better user experience and stronger security come togetherJust like reCAPTCHA, modern authentication techniques call for a close relationship between security teams and designers. Behavioral biometrics \u2013 use patterns unique to an individual \u2013 can make website interactions more streamlined as the user\u2019s identity is confirmed in the background. That\u2019s a promising principle for the crux of the design challenge in authentication. It's not enough to continue adding security layers. We have to come up with strategies that improve user experience, too.However, \u201cstrategies\u201d \u2013 plural \u2013 invites fragmentation of the authentication experience. Today, each channel to the same account \u2013 a web browser, a kiosk, a phone call \u2013 requires a different authentication method. This variance across channels contradicts organizations\u2019 imperative to provide customers with an omnichannel experience. It\u2019s a hassle for users to manage multiple usernames, passwords, personal identification numbers, challenge questions based on personally identifying information, and identity documents.Fortunately for users, organizations can implement technologies that remove friction from the online experience, offer more choice over authentication methods at different touch points, and leverage information about the user\u2019s device to ensure security while remaining in the background. This multi-factor authentication (MFA) platform allows each channel to mix available authentication methods according to circumstance. The approach unifies the user\u2019s experience across brands and services.Unified authentication employs a singular MFA experience to almost any type and number of applications: from web sites to kiosks to smart devices. To instill confidence while making transactions smoother, designers also can incorporate device-based authentication. For example, apps can detect the presence of users\u2019 wearables or other paired Bluetooth devices nearby. GPS coordinates can add additional data that reduces the need for repeat manual authentication. This diversity of authentication methods within one platform provides organizations the assurance they need for their various use cases.In the future, users should have to do as little as possible to prove they aren\u2019t robots. With the right combination of authentication technology and attention to user experience, proving their identities could be just as easy.