Many security workflows include an authentication process that verifies the identity of an entity before permitting the entity to access a digital resource. A common form of knowledge-based authentication verifies the identity of an entity by requiring the entity to provide a text-based string, and comparing the text-based string to a secret (e.g., a password, a social security number, etc.) previously provided by the entity. However, requiring an entity to provide a secret to a service provider places the secret at risk of exposure during a security breach of the service provider.
Further, text input can be very limiting as an authentication credential, e.g., text input cannot be used to determine whether the entity is a human or non-human entity impersonating a human via programmatically-generated input. One common approach for distinguishing human-input from programmatically-generated input is implementing a CAPTCHA (“Completely Automated Public Turing test to tell Computers and Humans Apart”). Typically, a CAPTCHA challenge includes a prompt that is difficult for computers to correctly answer, but relatively easy for humans. For example, a CAPTCHA challenge may request that an entity provide a response to an image recognition challenge (e.g., prompting an entity to identify an item within an image or a location within a map). Unfortunately, CAPTCHA systems are incapable of distinguishing between human entities, and/or increasingly solvable by advanced computer programs (i.e., bots) capable of providing the correct response.
The drawing in which an element first appears is typically indicated by the leftmost digit or digits in the corresponding reference number.