As a means of distinguishing whether a user is an authorized user or an unauthorized user, a verification code may effectively prevent wrong hands from using automated programs to violently break passwords, brush tickets, mass posting of comments in the forums and perform other malicious actions.
At present, a common verification code is WYSIWYG type verification code, the fundamental principle of which is as follows: a server generates a string of random numbers or symbols into a picture, adds some interference elements in the picture and then issues to a client, where the interference in the picture may be a number of straight lines drawn at random or noise or the like; and after the client receives the picture, a user identifies the verification code in the picture with the naked eyes, and then inputs the verification code into a form to be submitted to the server for verification. The user may use a certain function in the client only after the verification is successful.
Another common verification code is mobile phone verification code. In this solution, an available mobile phone number is required from a user, a server generates a string of verification code at random and issues the verification code to the mobile phone by means of text messages or phone calls; and then, the user submits the received verification code to the server in a form for verification. The user may use a certain function in the mobile phone only after the verification is successful.
The major disadvantage of the above first verification code is that the problem of manual coding may not be solved. For the same verification picture, the input results of all people are the same. Some unauthorized users employ specialized coding personnel to input the verification code according to the content of the verification picture after stealing accounts, passwords and other personal information, so as to perform unauthorized operations. Therefore, for the way of manual coding by unauthorized users, effective verification may not be implemented using the above verification code.
While in the solution of mobile phone verification code, an available mobile phone number is required from a user. However, many users may not have mobile phones or may not carry mobile phones around. As a result, such verification code is limited by the application scenarios and may not be used at scale. Meanwhile, as the verification code is issued by operators, the operating cost at the server side is extremely high.