Web sites often provide information about products, services, etc. to users. Many web sites desire a user to “register” before their web servers will grant access to the user. During registration, a user typically supplies personal information such as, for example, a username, an account number, an address, a telephone number or an e-mail address to the registering web site. When registering a user for the first time, a web site may request that the user select a login identifier, or login ID, and an associated password. The login ID allows the web site to identify the user and retrieve information about the user during subsequent user visits to the web site. Generally, the login ID is unique to the web site such that no two users have the same login ID. The combination of the login ID and password associated with the login ID allows the web site to authenticate the user during subsequent visits to the web site. The password also prevents others, who do not know the password, from accessing the web site using the user's login ID.
Automated systems, such as, for example, automated “bots,” permit a malicious user to emulate human interaction with a web site for registering a large number of new accounts associated with fictitious users. Automated systems pose a problem because they can register fictitious users at a much faster rate than a human can. Such automated system registrations may have several undesirable consequences. For example, because many electronic mail (or e-mail) services allow users to filter out unsolicited mass mailings (i.e., spam) based on the sender's address, running automated systems to register new e-mail accounts enables the malicious user to continue sending spam from the new accounts in the face of such filtering.
Several techniques have been designed to prevent automated system registrations. For example, the concept of “Turing tests” for interrogating two unseen respondents, a human and a computer, has been developed to determine which of the two is the computer. Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) is a technique that creates puzzles designed to be solvable by humans but not by computers for distinguishing humans and computers over a network. Typically, the puzzles involve having the user read a sequence of characters from a visually cluttered image. CAPTCHA, thus, takes advantage of the ability of humans to distinguish certain kinds of images better than automated systems, such as, for example, bots.