Elie Bursztein
Steven Bethard
John C. Mitchell
ABSTRACT
Websites present users with puzzles called CAPTCHAs to curb abuse caused by computer algorithms masquerading as people. While CAPTCHAs are generally effective at stopping abuse, they might impair website usability if they are not properly designed. In this paper we describe how we designed two new CAPTCHA schemes for Google that focus on maximizing usability. We began by running an evaluation on Amazon Mechanical Turk with over 27,000 respondents to test the usability of different feature combinations. Then we studied user preferences using Google's consumer survey infrastructure. Finally, drawing on the insights gleaned during those studies, we tested our new captcha schemes first on Mechanical Turk and then on a fraction of production traffic. The resulting scheme is now an integral part of our production system and is served to millions of users. Our scheme achieved a 95.3% human accuracy, a 6.7.
- A. S. E. Ahmad, J. Yan, and M. Tayara. The robustness of google captchas. Technical report, New Castle, 2011.Google Scholar
- H. S. Baird and T. P. Riopka. Scattertype: a reading captcha resistant to segmentation attack. In Electronic Imaging 2005, pages 197--207. International Society for Optics and Photonics, 2005.Google Scholar
- M. Bernard, C. H. Liao, and M. Mills. The effects of font type and size on the legibility and reading time of online text by older adults. In CHI '01: CHI '01 extended abstracts on Human factors in computing systems, pages 175--176, New York, NY, USA, 2001. ACM. Google ScholarDigital Library
- J. P. Bigham and A. C. Cavender. Evaluating existing audio captchas and an interface optimized for non-visual use. In ACM Conference on Human Factors in Computing Systems, 2009. Google ScholarDigital Library
- E. Bursztein, S. Bethard, J. C. Mitchell, D. Jurafsky, and C. Fabry. How good are humans at solving captchas' a large scale evaluation. In Security and Privacy, 2010. Google ScholarDigital Library
- E. Bursztein, M. Martin, and J. Mitchell. Text-based captcha strengths and weaknesses. In Proceedings of the 18th ACM conference on Computer and communications security, pages 125--138. ACM, 2011. Google ScholarDigital Library
- K. Chellapilla, K. Larson, P. Simard, and M. Czerwinski. Computers beat humans at single character recognition in reading based human interaction proofs (hips). In CEAS, 2005.Google Scholar
- K. Chellapilla, K. Larson, P. Simard, and M. Czerwinski. Designing human friendly human interaction proofs (hips). In Proceedings of the SIGCHI conference on Human factors in computing systems, pages 711--720. ACM, 2005. Google ScholarDigital Library
- C. Cruz-Perez, O. Starostenko, F. Uceda-Ponga, V. Alarcon-Aquino, and L. Reyes-Cabrera. Breaking recaptchas with unpredictable collapse: heuristic character segmentation and recognition. In Pattern Recognition, pages 155--165. Springer, 2012. Google ScholarDigital Library
- Google. Google consumer surveys. http: //www.google.com/insights/consumersurveys/home.Google Scholar
- P. S. K Chellapilla, K Larson and M. Czerwinski. Designing human friendly human interaction proofs. In ACM, editor, CHI05, 2005. Google ScholarDigital Library
- A. Kittur, E. H. Chi, and B. Suh. Crowdsourcing user studies with mechanical turk. In CHI '08: Proceeding of the twenty-sixth annual SIGCHI conference on Human factors in computing systems, pages 453--456, New York, NY, USA, 2008. ACM. Google ScholarDigital Library
- K. A. Kluever and R. Zanibbi. Balancing usability and security in a video captcha. In SOUPS '09: Proceedings of the 5th Symposium on Usable Privacy and Security, pages 1--11, New York, NY, USA, 2009. ACM. Google ScholarDigital Library
- K. Larson, M. van Dantzich, M. Czerwinski, and G. Robertson. Text in 3d: some legibility results. In CHI '00: CHI '00 extended abstracts on Human factors in computing systems, pages 145--146, New York, NY, USA, 2000. ACM. Google ScholarDigital Library
- P. McDonald, M. Mohebbi, and B. Slatkin. Comparing google consumer surveys to existing probability and non-probability based internet surveys. Technical report, Google, 2012.Google Scholar
- H. Motulsky and L. Ransnas. Fitting curves to data using nonlinear regression: a practical and nonmathematical review. The FASEB journal, 1(5):365--374, 1987.Google ScholarCross Ref
- T. Mustonen, M. Olkkonen, and J. Hakkinen. Examining mobile phone text legibility while walking. In CHI '04: CHI '04 extended abstracts on Human factors in computing systems, pages 1243--1246, New York, NY, USA, 2004. ACM. Google ScholarDigital Library
- M. Naor. Verification of a human in the loop or Identification via the turing test. Available electronically: http://www.wisdom.weizmann.ac.il/~naor/PAPERS/ human.ps, 1997.Google Scholar
- J. Ross, L. Irani, M. Silberman, A. Zaldivar, and B. Tomlinson. Who are the crowdworkers': shifting demographics in mechanical turk. In CHI'10: 28th international conference on Human factors in computing systems, pages 2863--2872. ACM, 2010. Google ScholarDigital Library
- T. Strutz. Data Fitting and Uncertainty: A Practical Introduction to Weighted Least Squares and Beyond. Vieweg and Teubner, 2010. Google ScholarDigital Library
- K. Thomas, D. McCoy, C. Grier, A. Kolcz, and V. Paxson. Trafficking Fraudulent Accounts: The Role of the Underground Market in Twitter Spam and Abuse. In Proceedings of the USENIX Security Symposium, August 2013. Google ScholarDigital Library
- M. Toomim, T. Kriplean, C. P "ortner, and J. Landay. Utility of human-computer interactions: toward a science of preference measurement. In Proceedings of the 2011 annual conference on Human factors in computing systems, pages 2275--2284. ACM, 2011. Google ScholarDigital Library
- Y. Xu, G. Reynaga, S. Chiasson, J.-M. Frahm, F. Monrose, and P. van Oorschot. Security and usability challenges of moving-object captchas: Decoding codewords in motion. In Usenix Security, 2012. Google ScholarDigital Library
- J. Yan and A. S. E. Ahmad. A low-cost attack on a microsoft captcha. http://bit.ly/nfpEis, 2008.Google Scholar
- J. Yan and A. S. El Ahmad. Usability of captchas or usability issues in captcha design. In SOUPS '08: Proceedings of the 4th symposium on Usable privacy and security, pages 44--52, New York, NY, USA, 2008. ACM. Google ScholarDigital Library
Index Terms
- Easy does it: more usable CAPTCHAs
Recommendations
On the necessity of user-friendly CAPTCHA
CHI '11: Proceedings of the SIGCHI Conference on Human Factors in Computing SystemsA "Completely Automated Public Turing test to tell Computers and Humans Apart" (CAPTCHA) is a mechanism widely used nowadays for protection of web applications, interfaces, and services from malicious users. A questionnaire-based survey combined with a ...
Gotta CAPTCHA ’Em All: A Survey of 20 Years of the Human-or-computer Dilemma
A recent study has found that malicious bots generated nearly a quarter of overall website traffic in 2019 [102]. These malicious bots perform activities such as price and content scraping, account creation and takeover, credit card fraud, denial of ...
Usability of CAPTCHAs or usability issues in CAPTCHA design
SOUPS '08: Proceedings of the 4th symposium on Usable privacy and securityCAPTCHA is now almost a standard security technology, and has found widespread application in commercial websites. Usability and robustness are two fundamental issues with CAPTCHA, and they often interconnect with each other. This paper discusses ...
Comments