Abstract
Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) isa test that is integrated into web pages to determine whether an online user is a human or a bot.
Many variants have appeared since CAPTCHAs were initially proposed. The robustness of a
CAPTCHA depends upon how secure and usable it is. The success rate of breaking the current
CAPTCHA schemes is high, and attempts made to strengthen them have only increased
usability issues.
In this project, we conducted an online survey to understand the users’ opinions on the security
and usability aspects of current CAPTCHA schemes. Over 200 participants from both a
university campus and Amazon Mturk were recruited for the study. We then performed
statistical and thematic analyses on the survey data. Participants reported struggling to use
current CAPTCHA types due to their increasing difficulty. We observed frustration in users due
to various factors, including time, attempts, and the number of clicks it takes for users to pass a
CAPTCHA challenge. Things were no different regarding the security aspect. Participants
voiced their concerns about the availability and reliability of current CAPTCHA schemes.vi
Thus, we developed a prototype for an Invisible CAPTCHA to mitigate these problems. This
CAPTCHA type is a continuous authentication system that does not require users to solve any
challenge to distinguish bots and legit users, resulting in a frictionless user experience. We
conduct tests using the browser, operating system, and system activity of a user to detect bots.
We also evaluate our proposed system by performing usability and security analysis.