Gesellschaft für Informatik e.V.

Lecture Notes in Informatics

Sicherheit 2010 Sicherheit, Schutz und Zuverlässigkeit P-170, 353-365 (2010).

Gesellschaft für Informatik, Bonn

Copyright © Gesellschaft für Informatik, Bonn


Captchas: the good, the bad, and the ugly

Paul Baecher , Marc Gordon Lior Fischlin , Robert Langenberg , Michael Lützow and Dominique Schröder


A CAPTCHA is a program that generates challenges that are easy to solve for humans but difficult to solve for computers. The most common CAPTCHAs today are text-based ones where a short word is embedded in a cluttered image. In this paper, we survey the state-of-the-art of currently deployed CAPTCHAs, especially of some popular German sites. Surprisingly, despite their importance and the largescale deployment, most of the CAPTCHAs like the ones of the “Umweltprämie”, the Bundesfinanzagentur, and the Sparda-Bank are rather weak. Our results show that these CAPTCHAs are subject to automated attacks solving up to 80\% of the puzzles. Furthermore, we suggest design criteria for “good” CAPTCHAs and for the system using them. In light of this we revisit the popular reCAPTCHA system and latest developments about its security. Finally, we discuss some alternative approaches for CAPTCHAs.

Full Text: PDF

Gesellschaft für Informatik, Bonn
ISBN 978-3-88579-264-2

Last changed 04.10.2013 18:32:26