CAPTCHA and its Alternatives: A Review

Abstract: Nowadays, because of the undeniable impact of the Internet on all aspects of human life, security preserving has received more attention. To reach an acceptable level of security, Completely Automatic Public Turing test to tell Computer and Human Apart or simply CAPTCHA as a security preserving tool has been tailored for situations that need to prevent bots from doing a specific action; for example, signing up and downloading. Simultaneously, it should be also designed in such a way to allow humans to perform … Show more

“…In this regard, problems of using CAPTCHAs may be considered from three major aspects as follows: From users' perspective, the most important issue of the CAPTCHA is related to quality of interaction with these tests. Generally, CAPTCHAs follow a negative security policy in which all claimed users considered as machines until they can pass the test [4]. However, such attitude toward genuine users is annoying and disrespectful; the main problem appears when real users, due to ambiguity of noisy text and other similar barriers cannot pass the presented tests.…”

“…There are several mechanisms for this purpose, including Honeypot trick [20] that tries to trap bots by making them to do something that human users could not, namely filling hidden form fields. The main problem with such methods is that when they will be employed widely, machines will simply be reprogrammed in such a way to circumvent them [4]. Another method in this regard is to excluding robots from entering websites by employing Robot Exclusion Protocols or simply Robot.txt fIles on the server.…”

“…CAPTCHA as a front-end and preventive security mechanism [4] formally defined as a program which can generate tests (based on hard AI problems) that most of the genuine users could pass while current computer programs cannot [1]. In other words, the CAPTCHA could be interpreted as a two-round authentication protocol (1) to protect target systems by presenting a challenge that human can (basically) pass while machines cannot [5].…”

CAPTCHAs, are those needed anymore?

“…In this regard, problems of using CAPTCHAs may be considered from three major aspects as follows: From users' perspective, the most important issue of the CAPTCHA is related to quality of interaction with these tests. Generally, CAPTCHAs follow a negative security policy in which all claimed users considered as machines until they can pass the test [4]. However, such attitude toward genuine users is annoying and disrespectful; the main problem appears when real users, due to ambiguity of noisy text and other similar barriers cannot pass the presented tests.…”

“…There are several mechanisms for this purpose, including Honeypot trick [20] that tries to trap bots by making them to do something that human users could not, namely filling hidden form fields. The main problem with such methods is that when they will be employed widely, machines will simply be reprogrammed in such a way to circumvent them [4]. Another method in this regard is to excluding robots from entering websites by employing Robot Exclusion Protocols or simply Robot.txt fIles on the server.…”

“…CAPTCHA as a front-end and preventive security mechanism [4] formally defined as a program which can generate tests (based on hard AI problems) that most of the genuine users could pass while current computer programs cannot [1]. In other words, the CAPTCHA could be interpreted as a two-round authentication protocol (1) to protect target systems by presenting a challenge that human can (basically) pass while machines cannot [5].…”

CAPTCHAs, are those needed anymore?

“…By following state of the art literature in CAPTCHA, at a first level we chose to investigate traditional textrecognition and image-recognition CAPTCHA mechanisms since these are currently the most widely researched and applied CAPTCHA scheme categories (Bursztein et al, 2010;Zhu et al, 2010;Moradi and Keyvanpour, 2014). In particular, the choice was based on the fact that solving each CAPTCHA challenge (text-and imagerecognition) requires processing and recognition of text or images in which users utilize their verbal and image cognitive sub-systems that are related to the Verbal/Imager cognitive style theory referred in this work (Riding and Cheema, 1991).…”

“…In this realm, aiming to improve the user experience during such interactions, but at the same time preserve security of applications and services, researchers promote different visual and interaction designs of CAPTCHA challenges (see Moradi and Keyvanpour (2014) for a recent review). Current CAPTCHA implementations can be classified into three broad categories: text-recognition, image-recognition, and speech-recognition.…”

Do human cognitive differences in information processing affect preference and performance of CAPTCHA?

Threat Modeling for Breaking of CAPTCHA System