Strengthening CAPTCHA-based Web security

Graeme Baxter Bell


Simple, universally applicable strategies can help any captcha–protected system resist automated attacks and can improve the ability of administrators to detect attacks. The strategies discussed here cause an exponential increase in the difficulty faced by automated attackers, while only increasing the inconvenience for human users in an approximately linear manner. These strategies are characterised using a new metric, the ‘Captcha Improvement Ratio’. The paper concludes that presenting multiple captcha systems together in random order may provide quantitative and qualitative advantages over many typical present–day captcha systems.


Web security; CAPTCHA; Abuse of websites and services; CAPTCHA Improvement Ratio

Full Text:



A Great Cities Initiative of the University of Illinois at Chicago University Library.

© First Monday, 1995-2018. ISSN 1396-0466.