Chess CAPTCHA – a serious defence against spammers?

CAPTCHAs – the questions that a website asks you to answer to prove if you’re a human being or not – come in many shapes and forms.

Conventional CAPTCHA

Although they most commonly ask you to decipher some words hidden in a distorted graphic, there are more elaborate versions which can ask you to solve some complicated mathematical calculation or ask you to add toppings to a pizza in an attempt to stop automated bots leaving spammy messages.

As a keen chess player, I was interested to see this CAPTCHA being used on an online chess forum:


Okay, so it’s not much of a challenge if you’re a chess player, but it also clearly locks out any users who do not know how to play chess. (For those of you can’t see the checkmate, the answer is upside-down at the bottom of this article – and make sure to realise that Black is playing from the bottom)

But most importantly, if a CAPTCHA system like this were to become widely-used, how tricky would it be for an automated bot to solve the puzzle?

Sadly, it wouldn’t be very difficult. After all, chess computers have been capable of beating world chess champions for 15 years.

Sign up to our free newsletter.
Security news, advice, and tips.

Solving a chess puzzle doesn’t prove that you are a human – it just proves you know how to play chess. So it can work as a fun CAPTCHA on a chess-related website, but is unlikely to prove an adequate defence if it were adopted widely elsewhere.

Of course, some chess puzzles are harder than others – even for computers to solve.

For a bit of fun, take a look at the following chess puzzle. It’s White to move, and to mate the Black King in two moves.

Can you do it?

Chess puzzle. White to play, mate in two.

Leave a comment below if you think you know how to solve this (sneaky) puzzle.

Chess CAPTCHA solution: .# (ǝʌıɟ doɥsıq s,ƃuıʞ) 4F oʇ uǝǝnb ʞɔɐlq ǝɥʇ ƃuıʌoɯ ʎq ƃuıʞ ǝʇıɥʍ ǝɥʇ ǝʇɐɯʞɔǝɥɔ uɐɔ noʎ

Hat-tip: Reddit

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.