Text-based CAPTCHA Strengths and Weaknesses

Warning: the attack techniques and design guidelines described in this paper are obsolete due to the invention of generalized techniques to break text captchas as described in this paper.


We carry out a systematic study of existing visual CAPTCHAs based on distorted characters that are augmented with anti-segmentation techniques. Applying a systematic evaluation methodology to 15 current CAPTCHA schemes from popular web sites, we find that 13 are vulnerable to automated attacks. Based on this evaluation, we identify a series of recommendations for CAPTCHA designers and attackers, and possible future directions for producing more reliable human/computer distinguishers.

Computer and Communications Security (CCS) 2011


Share this paper on your favorite social network.

Stay in touch

Join the 35K awesome readers community!



Join the 3542 security minded readers that get the latest posts in their inbox!

Learn About:
  • Cutting edge attacks and how to defend against it.
  • Actionable web security and performance tips.
  • Emerging cyber-security trends.
Enter your email and stay on top of things.
No spam I promise and you can unsubscribe anytime.
Elie Bursztein © 2016
About Me

Recent entries