As understood herein, web-based services and sites that require little or no user/client authentication but consume a non-trivial portion of cloud resources are subject to automated spamming or attacks. An adversary can set up an automated bot that can flood the web server with requests much faster than any set of humans could issue those requests. As a result, there exists a need to validate whether a request is coming from a human or from an automated attack bot/software.
The industry standard is to employ a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). However, conventional CAPTCHAs are often cumbersome for users to input. Furthermore, conventional CAPTCHAs are even more difficult to enter with devices such as but not limited to game controller devices that have limited inputs (as opposed to a keyboard and mouse with a much greater input space).