Making Defeating CAPTCHAs Harder for Bots
Nasser Mohammed Al-Fannah
TL;DR
This paper reviews and introduces safeguards to strengthen CAPTCHAs against bot circumvention, emphasizing usability and layered protection to improve security without compromising user experience.
Contribution
It presents five new safeguards and compares their effectiveness alongside existing ones, enhancing CAPTCHA resilience against automated attacks.
Findings
Seven existing safeguards analyzed
Five novel safeguards proposed
Layered safeguards improve CAPTCHA security
Abstract
For a number of years, many websites have used CAPTCHAs to filter out interactions by bots. However, attackers have found ways to circumvent CAPTCHAs by programming bots to solve or bypass them, or even relay them for humans to solve. In order to reduce the chances of success of such attacks, CAPTCHAs can be strengthened by the addition of certain safeguards. In this paper, we discuss seven existing safeguards as well as five novel safeguards designed to make circumventing CAPTCHAs harder. These safeguards are not mutually exclusive and can add multiple layers of protection to a CAPTCHA. We further provide a high-level comparison of their effectiveness in addressing the threat posed by CAPTCHA-defeating techniques. In order to focus on safeguards that are usable, we restrict our attention to those which have minimal adverse effect on the user experience.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsUser Authentication and Security Systems · Spam and Phishing Detection · Advanced Malware Detection Techniques