With rapid advance of network communication technology, there are more and more network services that are becoming essential for our everyday lives, such as e-mail service, bulletin board system (BBS), on-line train ticket reservation/purchase service, and so on. For preventing those network services from being abused or attacked by hackers, a program of Completely Automated Public Turing Test to tell Computers and Humans Apart, i.e. CAPTCHA, is provided to be used for telling whether its user is a human or a computer. CAPTCHA nowadays are commonly used in many websites to determine whether the user is human, and thus to prevent abuse from bots, or automated programs usually written to generate spam.
A common type of CAPTCHA, being a type of challenge-response test used in computing as an attempt to ensure that the response is generated by a person, requires the user to type letters or digits from a distorted image that appears on the screen. Like any security system, CAPTCHA implementations, especially those which have not been designed and reviewed by experts in the fields of security, are prone to common attacks using optical character recognition (OCR) means or other automatic recognition means. With the improvement of the automatic recognition means for beating visual CAPTCHAs, the success rate of recognition is becoming higher and higher, and responsively recent CAPTCHA systems have to generate a string of text/digit with even higher distortion just for blocking those automatic recognition means for beating visual CAPTCHAs. However, the string of text/digit that is highly distorted may sometimes even be difficult for a human user to recognize. Consequently, the user may have to refresh the web service using the CAPTCHA system again and again until finally a recognizable string of text/digit had popper up, and then the user is able to enter the correct solution to the CAPTCHA system for using the web service. Therefore, such CAPCHA systems may be the cause of inconvenience and complaint as it may cause any user to spend a conceivable amount of time just to pass the CAPTCHA test for entering the web service.