CAPTCHAs: The good, the bad, and the ugly

Beitrag bei einer Tagung

Details zur Publikation

Autor(en): Baecher P, Fischlin M, Gordon L, Langenberg R, Lützow M, Schröder D
Jahr der Veröffentlichung: 2010
Seitenbereich: 353-365
ISBN: 9783885792642


A CAPTCHA is a program that generates challenges that are easy to solve for humans but difficult to solve for computers. The most common CAPTCHAs today are text-based ones where a short word is embedded in a cluttered image. In this paper, we survey the state-of-the-art of currently deployed CAPTCHAs, especially of some popular German sites. Surprisingly, despite their importance and the large-scale deployment, most of the CAPTCHAs like the ones of the "Umweltprämie", the Bundesfinanzagentur, and the Sparda-Bank are rather weak. Our results show that these CAPTCHAs are subject to automated attacks solving up to 80% of the puzzles. Furthermore, we suggest design criteria for "good" CAPTCHAs and for the system using them. In light of this we revisit the popular reCAPTCHA system and latest developments about its security. Finally, we discuss some alternative approaches for CAPTCHAs.

FAU-Autoren / FAU-Herausgeber

Schröder, Dominique Prof. Dr.
Lehrstuhl für Informatik 13 (Angewandte Kryptographie)


Baecher, P., Fischlin, M., Gordon, L., Langenberg, R., Lützow, M., & Schröder, D. (2010). CAPTCHAs: The good, the bad, and the ugly. (pp. 353-365). Berlin.

Baecher, Paul, et al. "CAPTCHAs: The good, the bad, and the ugly." Proceedings of the Sicherheit 2010 - Sicherheit, Schutz und Zuverlassigkeit Beitrage der 5. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft fur Informatik e.V. (GI) - 5th Annual Conference of the Department of Security of the Society for Informatics, Berlin 2010. 353-365.


Zuletzt aktualisiert 2018-10-08 um 13:39