A CAPTCHA, which is an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart,” is one type of challenge-response test used in computing to assist in determining whether or not a user is human or non-human. CAPTCHAs are typically thought of as automated tests that humans can pass with relatively little effort, but that most computer programs cannot pass, even with great effort.
The use of CAPTCHAs has become ubiquitous on the Internet in recent years as a security countermeasure against software programs that try to impersonate humans and interact with web applications designed for human use, often for malicious purposes. Examples of such programs include computers bots, programs responsible for distributed denial-of-service (DDoS) attacks, Web content “scraping” programs, and the like. While several different CAPTCHA schemes have been developed over the years, the software programs themselves have gotten smarter and as a result several existing CAPTCHA schemes have been “broken,” i.e., automated programs have been crafted that can solve CAPTCHAs without human input, often through the use of machine learning, computer vision, and pattern recognition algorithms. This has led to something similar to a continual “arms race” between CAPTCHA developers that attempt to create more secure CAPTCHAs and the attackers that try to break them.
The development of a good CAPTCHA scheme is not easy, as a CAPTCHA must, by definition, be secure against automated attacks while simultaneously being human-friendly. Most CAPTCHAs in use today are text-based CAPTCHAs, in which distorted, noisy, or obfuscated text is displayed and a human has to identify the text and type it into an input box. To prevent such text-based CAPTCHAs from being “broken,” developers have retreated to increasing the “noise” present in these CAPTCHAs to make it harder for the software programs to detect the embedded text. However, although increasing the noise makes it harder for the automated programs to break the CAPTCHA, it also makes it more difficult for a human to read and solve the CAPTCHA, leading inadvertently to increased human input errors.