Text based: Gimpy, ez-gimpy Pick a word or words from a small dictionary Distort them and add noise

and background Gimpy-r, Googles CAPTCHA Pick random letters Distort them, add noise and background Simards HIP Pick random letters and numbers Distort them and add arcs Simple, normal language questions: What is sum of three and thirty-five? If today is Saturday, what is day after tomorrow? Which of mango, table, water is a fruit?

o o

Very effective, needs a large question bank Cognitively challenged users find it hard Gimpy:

o o o o o o o o

Designed by Yahoo and CMU Picks up 10 random words from dictionary and distorts, fills with noise User has to recognize at least 3 words If user is correct, he is admitted Images of distorted text. Frequently cracked and improved. In current version, 5 pairs of overlapped words. User identifies 3 words. Random placement, font, distortion, background pattern

o o o o

Overlapping words need no noise.

Gimpy-- text distortion used by Yahoo! (routinely cracked & improved)

o o o o o

EZ-Gimpy:

A modified version of Gimpy Yahoo used this version in Messenger Has only 1 random string of characters Not a dictionary word, so not prone to dictionary attack Not a good implementation, already broken by OCRs MSNs Passport service CAPTCHAs:

o o o o o

Provided for Microsofts MSN services Use 8 characters Warping is used to distort Very strong implementation, hasnt been broken It is segmentation-resistant Graphic based CAPTCHAs: BONGO:

o o o o

After M.M.Bongard, pattern recognition expert User has to solve a pattern recognition problem Has to tell the distinct characteristic between two sets of figures Then tell to which set a given figure belongs to

o Bongo
o o Display two series of blocks User must find the characteristic that sets the two series apart

o o o o o o o o

User is asked to determine which series each of four single blocks belongs to Visual puzzle Computer can generate & display, but not solve. If too many choices, humans get it wrong. If not enough choices, computers can be effective with random guess.

Bongo-- visual puzzle, like Mensa tests (if 4 options, guess works 25%)

o o o

PIX:

Uses a large database of labelled images It shows a set of images, user has to recognize the common feature among those E.g., Pick the common characteristic among the following four pictures-----Aeroplane Audio CAPTCHAs:

o o o o o

Consist of downloadable audio clip User listens and enters the spoken word Helps visually disabled users Below is the Googles audio enabled CAPTCHA Not popular

PIX Create a large database of labeled images Pick a concrete object Pick four images of the object from the images database Distort the images Ask the user to pick the object for a list of words Photo Recognition

Need large image DB Images need keywords Four images with same keyword shown Random subset of keywords as choices Poor implementations easy to crack (color of top left pixel unique, etc.) Pix-- photographic recognition (need large image DB, or Google API)

AUDIO BASED CAPTCHA Sounds-- voice synthesis, distortion Usually spells out one-time-password in synthesized or recorded voices Voice recognition cracks simple case. Applied audio filters risk human misunderstanding. Used with image CAPTCHA for increased accessibility. If both use same OTP, easier to crack. Animated CAPTCHA Can use Flash, MPEG, animated GIF Often combined with speech Weaknesses of Image CAPTCHA apply Usually easier to crack due to extra data for pattern matching to analyze Much higher processor and traffic load Not practical in most cases 3D Renders OTP in 3D space to image Reputedly the most difficult to crack Server needs good graphics card to be practical (rare)

Can be combined with other methods Not yet common (tEABAG_3D) Might see more in future