Survey on Various Types of CAPTCHA Techniques

Sangeeta Jangral Satinder Kaur Amandeep Kaur

Department of Computer Science Department of Computer Science Department of Computer Science
Guru Nanak Dev University, Amritsar Guru Nanak Dev University, Amritsar Guru Nanak Dev University, Amritsar
sangeetajan000@gmail.com satinder.dcet@gndu.ac.in amandeep.cse@gndu.ac.in
orcid: 0000-0002-2572-5177 orcid: 0000-0002-8359-3619 orcid: 0000-0002-1947-0104
ABSTRACT The use of the Internet 2.1 Text-based CAPTCHAs
is very popular nowadays, but it also brings security problems.
CAPTCHA (Completely Automated Public Turing Test to tell The most common type of CAPTCHA is text-based, in which
Computers and Humans Apart) is designed to differentiate humans some text is given in distorted form that contains case-sensitive
from robotic computers. It plays an essential role in a lot of letters and digits. Text-based CAPTCHA is deployed in famous
security applications for prohibiting automatic registration websites like Yahoo, Hotmail, Gmail, YouTube, PayPal, etc. [6].
conducted by bots. This paper aims to discuss different variations Figure 1 shows the Text-based CAPTCHAs.
of CAPTCHAs such as Text-based, Image-based, Audio-based,
Video-based, and Puzzle-based. It highlights the strengths and
weaknesses of these types of CAPTCHAs. Moreover, it layouts
the various applications and issues in using CAPTCHAs.

Keywords CAPTCHA, Types,

Applications, Issues.

1. INTRODUCTION
CAPTCHA was invented in 2000 at Carnegie Mellon University
by John Langford, Nicholas J. Hooper, and Luis Von Ahn [1].
CAPTCHA is a descriptor for “Completely Automated Public Figure 1:Text-based CAPTCHA [20]
Turning Test to tell Computers and Humans Apart” [2,3]. As the
amount of information and applications grows over time, the Text-based CAPTCHA can be implemented by using various
importance of preserving security attracts more attention. There methods like Gimpy, EZ-Gimpy, and Baffle-Text [9].
are many foul users like attackers, hackers, and spammers who
want to have unauthorized access to these applications 2.1.1 Gimpy-CAPTCHA
(information), spam, hack accounts and do other maltreatment.
It is based on optical character recognition (OCR). A sequence of
CAPTCHA is used where authorized access is a special concern.
characters is presented as distorted and corrupted images by
Many web services like Yahoo, Google, Bing, etc. use CAPTCHA
adding black and white lines and making non-linear modifications.
to contrast between an authenticated user and a malicious
Users should enter the correct words that are given in the image to
program. CAPTCHAs are also used in the sites that provide access
gain access to the service. Figure 2 presents the Gimpy
to sensitive data, such as credit card accounts and banks. It acts as
CAPTCHA.
a shield that can protect websites from bots. It usually generates
and evaluates a test that is easy for humans to solve but difficult
for automaton [4]. Many different variants of CAPTCHA have
been proposed and used for various applications over the years.
The main contribution of this study is to review, classify, and
compare CAPTCHAs of different types. The rest of the paper is
organised as follows: Section 2 consists of Types of CAPTCHAs,
Section 3 and Section 4 contain Applications and Issues
respectively, Section 5 includes a Comparison Table, Conclusion
is given in Section 6, and Section 7 contains References.

2. TYPES OF CAPTCHA Figure 2: Gimpy method [5]

CAPTCHA helps in authenticating that a real person is accessing 2.1.2 EZ-Gimpy

the web content to block spammers and bots that try to access the
content on the website. CAPTCHA can be categorized into many It is a simple version of the Gimpy CAPTCHA. It is developed by
types [5]. Some of them are given below: Henry Baird [18]. In this case, a single word is selected from a
dictionary and applies distortion to the text. The user has to
identify the misshaped text correctly. This method is used in chat
rooms in Yahoo as well as for authentication purposes while
signing up. It is not a good implementation and has already been
defeated by OCRs. EZ-Gimpy was broken by Mori et al [8]. This
method is illustrated in Figure 3.

Figure 3: EZ-Gimpy method [21]

2.1.3 Baffle-Text method

This method is designed at California University at Berkeley by
Henry Baird [1]. In this type of CAPTCHA, words that are not
part of the British vocabulary are shown to the user. Various words
can be manipulated in printing and scanning schemes. Moreover,
there is one more technique called threshold that can change the
image in monochrome and also revert. Then the user has to enter Figure 5: Image-based CAPTCHA (Select all the images with
the right word. The idea behind Baffle text is to minimize the crosswalks)
small dictionary problem by using nonsense words where a human
can use inference to solve the problem, but computer programs
cannot [7,17]. Figure 4 shows the Baffle-Text method. 2.3 Audio-based CAPTCHAs
Audio-Based CAPTCHAs work upon sound-based systems. These
are developed for visually impaired users and often used in
combination with text or image-based CAPTCHAs. It is based on
the difference in ability between humans and computers in
recognizing spoken language[11]. Audio CAPTCHA presents an
audio recording that contains a series of numbers or letters. The
Figure 4: Baffle-Text method [18] user has to listen to the clip and submit the answer accordingly.
Then, the response is analyzed to verify whether it is the requested
sentence and said by a human, not a speech synthesis system.
Figure 6 shows the Audio-based CAPTCHA.
2.2 Image-based CAPTCHAs
These are developed to replace text-based ones. In contrast to text-
based ones, they usually do not require users to read any text. This
type is based on an image recognition task. This type of
CAPTCHA takes advantage of computers’ weakness in vision to
deal with images. The user has been given many images and the
user has to click on some particular images out of those
images.This method has taken the advantage of the semantic gap
Figure 6: Audio-based method [19]
between humans and machines [10]. Figure 5 presents the Image-
based CAPTCHA.
2.4 Video-based CAPTCHAs
These are new type of CAPTCHAs and are not very common. The
video is shown to the user and the user has to see that video
carefully. After that, questions and options are shown to the user
and the user has to select the correct option according to the
question asked. Its advantage is that it is very hard to solve by
bots.
2.5 Puzzle-based CAPTCHAs
The architecture of the puzzle-based system consists of three main
parts, which are the collection of images, the image processing
engine, and the user interface [13]. In this method, an original
picture and this same picture divided into many parts are shown to
the user. To solve the CAPTCHA, the user has to arrange their
parts in the right manner to form the correct and original picture.
Puzzle-based CAPTCHA is illustrated in Figure 7.
Figure 7: Puzzle-based CAPTCHA [22]
4. ISSUES IN USING CAPTCHA
3. APPLICATIONS OF CAPTCHA
1. Protecting website registration: Most of the websites,
which have free registration such as email provider services,
are the target of bots’ attacks that sign up for thousands of
email accounts [12]. It can prevent bots to access the
services and from creating multiple accounts on services like
Gmail, Hotmail, or Yahoo Mail. In general, free services
should be protected by a CAPTCHA to prevent abuses by
automated scripts.
2. Preventing False Comments: It also helps websites
prevent the posting of spammed messages or false
comments. Using CAPTCHA, only humans can leave
5. COMPARISON TABLE
comments on blogs, and no legitimate comments are ever
lost.
3. Maintain Poll Accuracy: CAPTCHA is a useful means
for holding safe and protected online polls and surveys. It is
used to ensure that only human can make the response in the
online polls and surveys.
4. To Prevent Ticket Inflation: Websites that sell tickets to
events like concerts or sports games use CAPTCHA to
prevent ticket inflation and restrict the number of tickets that
users can purchase. Also, websites can ensure legitimate
customers can buy tickets at fair prices.
5. To avoid web crawling: By using CAPTCHA, the
website can restrict itself to get indexed by a search engine.
6. Protecting Email Addresses from
Scrappers: CAPTCHAs give full proof mechanism to hide
your email address from scrapers. User is required to solve a
CAPTCHA before showing email address [14]. 
7. Preventing Dictionary Attacks: CAPTCHAs can also be
used to prevent dictionary attacks in password systems [15].
If many unsuccessful attempts for login are made by the user
then CAPTCHA is provided to the user.
1. Bad User Experience: CAPTCHA tests are not the most
user-friendly tools and sometimes can cause frustration to
the users.
2. Visually Impaired Visitors: Some CAPTCHAs are not
accessible by visually impaired people, thus audio
CAPTCHAs are there for Visually Impaired users [16].
3. Not fully bot-proof: Some of the CAPTCHA tests can be
fooled through the use of bots and should not be relied upon
to protect websites.
4. Traffic drop: Using CAPTCHA on websites drops the
traffic and traffic drops leading to the loss of the owner of
that website.
 I. Table 1: COMPARISON BETWEEN DIFFERENT TYPES OF CAPTCHAs

Type of Parameters comparison

CAPTCHA Audio-based Good Yes Difficult Humans can
Security Accessibility Usability CAPTCHA the audio wi
(Usable for (Easy or difficult difficult.
visible impair to use)
people)
Text-based Good No Average Video-based Good No Difficult It cannot bre
CAPTCHA CAPTCHA laundry attac

Puzzle-based Average No Difficult It seems like

CAPTCHA Very difficul
Image-based Good No Easy rearrange se
CAPTCHA image.

6. CONCLUSION
CAPTCHA plays a very essential role in website security. It
prevents bot programs and hackers from abusing online services.
This study has explored various CAPTCHA types, and their
applications, along with their pros and cons. This study would be
highly useful to researchers who want to perform research on
particular CAPTCHA techniques. Moreover, Scientists can also
select the combination of various CAPTCHA techniques that can
be helpful in specific application areas.
[4] Ahn, L. V., Blum, M., Hopper, N. J., & Langford, J. (2003,
May). CAPTCHA: Using hard AI problems for security.
In International conference on the theory and applications of
cryptographic techniques (pp. 294-311). Springer, Berlin,
Heidelberg.
[5] Hasan, W. K. A. (2016). A survey of current research on
captcha. Int. J. Comput. Sci. Eng. Surv.(IJCSES), 7(3), 141-
157.
[6] Al-Sudani, W., Gill, A., Li, C., Wang, J., & Liu, F. (2010,
November). Protection through multimedia captchas.
In Proceedings of the 8th International Conference on
Advances in Mobile Computing and Multimedia (pp. 63-68).

7. REFERENCES [7] Mori, G., & Malik, J. (2003, June). Recognizing objects in
adversarial clutter: Breaking a visual CAPTCHA. In 2003
IEEE Computer Society Conference on Computer Vision
[1] Lee, W. B., Fan, C. W., Ho, K., & Dow, C. R. (2012,
and Pattern Recognition, 2003. Proceedings. (Vol. 1, pp. I-I).
November). A CAPTCHA with tips related to alphabets
IEEE.
upper or lower case. In 2012 Seventh International
Conference on Broadband, Wireless Computing,
[8] Singh, V. P., & Pal, P. (2014). Survey of different types of
Communication and Applications (pp. 458-461). IEEE.
CAPTCHA. International Journal of computer science and
information technologies, 5(2), 2242-2245.
[2] Challa, R. K. (2020, December). CAPTCHA: A Systematic
Review. In 2020 IEEE International Conference on Advent
[9] Smeulders, A. W., Worring, M., Santini, S., Gupta, A., &
Trends in Multidisciplinary Research and Innovation
Jain, R. (2000). Content-based image retrieval at the end of
(ICATMRI) (pp. 1-8). IEEE..
the early years. IEEE Transactions on pattern analysis and
machine intelligence, 22(12), 1349-1380.
[3] Pope, C., & Kaur, K. (2005). Is it human or computer?
[10] Choudhary, S., Saroha, R., Dahiya, Y., & Choudhary, S.
Defending E-commerce with Captchas. IT
(2013). Understanding CAPTCHA: text and audio based
professional, 7(2), 43-49.
CAPTCHA with its applications. International Journal of
 Advanced Research in Computer Science and Software [22] https://www.researchgate.net/profile/Firkhan-Ali/
Engineering, 3(6). publication/286583881/figure/download/fig4/
AS:388247961260043@1469576935942/CAPTCHA-
[11] Jeng, A. B., Tseng, C. C., Tseng, D. F., & Wang, J. C. (2010, puzzle-based-system-on-registration-form.png
November). A study of CAPTCHA and its application to
user authentication. In International Conference on
Computational Collective Intelligence (pp. 433-440).
Springer, Berlin, Heidelberg.

[12] Ali, F. A. B. H., & Karim, F. B. (2014, September).

Development of CAPTCHA system based on puzzle.
In 2014 International Conference on Computer,
Communications, and Control Technology (I4CT) (pp. 426-
428). IEEE.

[13] Pandey, Y., & Lothe, D. (2014). Evaluating the usability and
security of a spelling based CAPTCHA system. International
Journal of Computer Science and Information
Technologies, 5(3).

[14] Pinkas, B., & Sander, T. (2002). Securing passwords against

dictionary attacks. In proceedings of the 9th ACM
conference on Computer and communications security.

[15] 16. Solanki, S., Krishnan, G., Sampath, V., & Polakis, J.
(2017, November). In (cyber) space bots can hear you speak:
Breaking audio CAPTCHAs using ots speech recognition.
In Proceedings of the 10th ACM Workshop on Artificial
Intelligence and Security (pp. 69-80).

[16] ur Rizwan, R. (2012). Survey on captcha systems. Journal of

Global Research in Computer Science, 3(6), 54-58.

[17] Shirali-Shahreza, M., & Shirali-Shahreza, S. (2008,

October). Dynamic captcha. In 2008 International
Symposium on Communications and Information
Technologies (pp. 436-440). IEEE..

[18] Kaur, K., & Behal, S. (2014). Captcha and its techniques: a
review. International Journal of Computer Science and
Information Technologies, 5(5), 6341-6344.

[19] https://cdn.arstechnica.net/wp-content/uploads/archive/
news.media/AudioReCaptcha.png

[20] https://image.slideserve.com/270264/text-based-captchas1-
l.jpg

[21] https://www.berkeley.edu/news/media/releases/2002/12/
images/gimpy.jpg