CAPTCHAs: The good, the bad, and the ugly

Baecher P, Fischlin M, Gordon L, Langenberg R, Lützow M, Schröder D (2010)


Publication Status: Published

Publication Type: Conference contribution

Publication year: 2010

Pages Range: 353-365

Event location: Berlin

ISBN: 9783885792642

URI: https://www.scopus.com/inward/record.uri?partnerID=HzOxMe3b&scp=84855346060&origin=inward

Abstract

A CAPTCHA is a program that generates challenges that are easy to solve for humans but difficult to solve for computers. The most common CAPTCHAs today are text-based ones where a short word is embedded in a cluttered image. In this paper, we survey the state-of-the-art of currently deployed CAPTCHAs, especially of some popular German sites. Surprisingly, despite their importance and the large-scale deployment, most of the CAPTCHAs like the ones of the "Umweltprämie", the Bundesfinanzagentur, and the Sparda-Bank are rather weak. Our results show that these CAPTCHAs are subject to automated attacks solving up to 80% of the puzzles. Furthermore, we suggest design criteria for "good" CAPTCHAs and for the system using them. In light of this we revisit the popular reCAPTCHA system and latest developments about its security. Finally, we discuss some alternative approaches for CAPTCHAs.

How to cite

APA:

Baecher, P., Fischlin, M., Gordon, L., Langenberg, R., Lützow, M., & Schröder, D. (2010). CAPTCHAs: The good, the bad, and the ugly. In Proceedings of the Sicherheit 2010 - Sicherheit, Schutz und Zuverlassigkeit Beitrage der 5. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft fur Informatik e.V. (GI) - 5th Annual Conference of the Department of Security of the Society for Informatics (pp. 353-365). Berlin.

MLA:

Baecher, Paul, et al. "CAPTCHAs: The good, the bad, and the ugly." Proceedings of the Sicherheit 2010 - Sicherheit, Schutz und Zuverlassigkeit Beitrage der 5. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft fur Informatik e.V. (GI) - 5th Annual Conference of the Department of Security of the Society for Informatics, Berlin 2010. 353-365.
