CAPTCHA – Security affecting User Experience

Gafni, Ruti; Nagar, Idan

doi:10.28945/3469

Cited by 5 publications

(5 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This may give frustration to the user and reduce the interest of the user towards using a particular web service. A study has been carried out to investigate users' experiences and attitudes with different types of CAPTCHA tests (Gafni and Nagar, 2016). It is also suggested that the CAPTCHA test should be such that it protects web services from bots and not to exhaust persons with the difficult and confusing test.…”

Section: Related Workmentioning

confidence: 99%

“…However, this complex text CAPTCHA makes it difficult for the human to pass the test in a single attempt. This results in multiple attempts which are frustrating to the users (Yan and El Ahmad, 2008b;Gafni and Nagar, 2016). Hence, there is a need to design a text CAPTCHA which is difficult for the bots and easy for humans to pass the CAPTCHA test.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

VIKAS: a new virtual keyboard-based simple and efficient text CAPTCHA verification scheme

Thakkar

Patel

2020

IJICS

View full text Add to dashboard Cite

Nowadays online transactions are becoming ubiquitous that must be protected from bots using different techniques, and CAPTCHA is one of them. Text-CAPTCHA preferred due to its simplicity amongst different types of CAPTCHAs. Text-CAPTCHA can be strengthened by adding some distortion to prevent bot-attacks but cause usability issues for humans. This results in multiple attempts by a user to gain access to the required service and may give frustration to the user. Hence, there is a need to design CAPTCHA which is easy for humans to recognise but difficult for bots. This paper proposes virtual keyboard-based simple and efficient text-CAPTCHA verification scheme (VIKAS) that makes CAPTCHA verification easy for humans but difficult for bots. VIKAS uses simple text-CAPTCHA and verifies the same using positions of the keys pressed by the user using an image-based virtual keyboard. VIKAS is sustainable against segmentation scheme, replay attacks and possible attacks with keyloggers.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

VIKAS: a new virtual keyboard-based simple and efficient text CAPTCHA verification scheme

Thakkar

Patel

2020

IJICS

View full text Add to dashboard Cite

show abstract

“…CAPTCHAs are widely deployed across the internet to identify and block fraudulent non-human traffic. The major downsides of current CAPTCHA solutions (e.g., Securimage [4], hCaptcha [5]) include: (i) questionable accuracy: various past works demonstrate how CAPTCHAs can be solved within milliseconds [6][7][8][9][10], (ii) added friction: additional user actions are required (e.g., image, audio, math, or textual challenges) that significantly impoverish the user experience [11], especially on mobile devices, (iii) discrimination: poor implementations often block access to content [12], especially to visualimpaired users [13] (iv) serious privacy implications: to reduce friction, Google's reCAPTCHAv3 [14] replaces proof-of-work challenges with extensive user tracking. Google's servers attest user's humanness by collecting and validating behavioral data [15] (i.e., typing patterns, mouse clicks, stored cookies, installed plugins), thus raising significant privacy concerns [16][17][18].…”

Section: Introductionmentioning

confidence: 99%

ZKSENSE: A Friction-less Privacy-Preserving Human Attestation Mechanism for Mobile Devices

Querejeta-Azurmendi

Papadopoulos

Varvello

et al. 2021

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Recent studies show that 20.4% of the internet traffic originates from automated agents. To identify and block such ill-intentioned traffic, mechanisms that verify the humanness of the user are widely deployed, with CAPTCHAs being the most popular. Traditional CAPTCHAs require extra user effort (e.g., solving mathematical puzzles), which can severely downgrade the end-user’s experience, especially on mobile, and provide sporadic humanness verification of questionable accuracy. More recent solutions like Google’s reCAPTCHA v3, leverage user data, thus raising significant privacy concerns. To address these issues, we present zkSENSE: the first zero-knowledge proof-based humanness attestation system for mobile devices. zkSENSE moves the human attestation to the edge: onto the user’s very own device, where humanness of the user is assessed in a privacy-preserving and seamless manner. zkSENSE achieves this by classifying motion sensor outputs of the mobile device, based on a model trained by using both publicly available sensor data and data collected from a small group of volunteers. To ensure the integrity of the process, the classification result is enclosed in a zero-knowledge proof of humanness that can be safely shared with a remote server. We implement zkSENSE as an Android service to demonstrate its effectiveness and practicality. In our evaluation, we show that zkSENSE successfully verifies the humanness of a user across a variety of attacking scenarios and demonstrate 92% accuracy. On a two years old Samsung S9, zkSENSE’s attestation takes around 3 seconds (when visual CAPTCHAs need 9.8 seconds) and consumes a negligible amount of battery.

show abstract

“…These tests are named ‘CAPTCHA’ (Completely Automated Public Turing Test to tell Computers and Humans Apart). The classical tests consist of those almost illegible words, which are proposed by many websites, and which one has to decipher and rewrite correctly in order to demonstrate that one is not a robot (Abrich et al, 2011; Gafni and Nagar, 2016). According to Brodić et al, (2016), the reasons for using CAPTCHA are the following: they prevent spams on forums, they avoid having a large number of orders opened by users on sites that offer free services like Gmail, they protect user accounts from attacks through which bots discover users’ passwords and they concur to defend the validity of online surveys by detecting whether humans or bots answer the questionnaires.…”

Section: Introductionmentioning

confidence: 99%

“…Specifically, users' experience is analysed mainly in terms of response time for each test and rate of success (Gafni and Nagar, 2016) or in terms of limited website usability by respondents with all kinds of different disabilities (Pieper, 2012). In these type of studies, generally users are conceptualized in an instrumental way to understand better the functioning of the CAPTCHA tests.…”

Section: Introductionmentioning

confidence: 99%

You need to show that you are not a robot

Fortunati

Manganelli

Cavallo

et al. 2019

New Media & Society

View full text Add to dashboard Cite

Given that today 60% of Internet traffic is generated by bots, ‘CAPTCHA’ (Completely Automated Public Turing Test to tell Computers and Humans Apart) tests that are supposedly impossible to be done by robots have been introduced. What are the cognitive and emotional effects of these tests on Internet users? Does this request to demonstrate they are not a robot affect users’ identity as human beings? To answer these questions, we selected two groups (117 and 116 respondents, respectively). An online questionnaire that differed only in the task was proposed: we asked the first group to complete some CAPTCHA tests, and the second group to complete some logic tests. In addition to other questions in both versions, we introduced the TLX scale (NASA). Preliminary results show that CAPTCHA execution is associated with feelings of alienation and that the user’s self-perception of humanity is influenced by the execution of the two different types of test.

show abstract

CAPTCHA – Security affecting User Experience

Cited by 5 publications

References 6 publications

VIKAS: a new virtual keyboard-based simple and efficient text CAPTCHA verification scheme

VIKAS: a new virtual keyboard-based simple and efficient text CAPTCHA verification scheme

ZKSENSE: A Friction-less Privacy-Preserving Human Attestation Mechanism for Mobile Devices

You need to show that you are not a robot

Contact Info

Product

Resources

About