Strengthening CAPTCHA-based Web security

Simple, universally applicable strategies can help any captcha–protected system resist automated attacks and can improve the ability of administrators to detect attacks. The strategies discussed here cause an exponential increase in the difficulty faced by automated attackers, while only increasing the inconvenience for human users in an approximately linear manner. These strategies are characterised using a new metric, the ‘Captcha Improvement Ratio’. The paper concludes that presenting multiple captcha systems together in random order may provide quantitative and qualitative advantages over many typical present–day captcha systems