Dazed & Confused: A Large-Scale Real-World User Study of reCAPTCHAv2
- URL: http://arxiv.org/abs/2311.10911v2
- Date: Tue, 21 Nov 2023 19:14:57 GMT
- Title: Dazed & Confused: A Large-Scale Real-World User Study of reCAPTCHAv2
- Authors: Andrew Searles, Renascence Tarafder Prapty, Gene Tsudik,
- Abstract summary: We investigate usability, solving performance, and user perceptions of modern captchas.
This study was based on a live account creation and password recovery service with reCAPTCHAv2.
We find that, rated via System Usability Scale (SUS), image tasks are viewed as "OK", while checkbox tasks are viewed as "good"
- Score: 10.512866198986279
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Since about 2003, captchas have been widely used as a barrier against bots, while simultaneously annoying great multitudes of users worldwide. As their use grew, techniques to defeat or bypass captchas kept improving, while captchas themselves evolved in terms of sophistication and diversity, becoming increasingly difficult to solve for both bots and humans. Given this long-standing and still-ongoing arms race, it is important to investigate usability, solving performance, and user perceptions of modern captchas. In this work, we do so via a large-scale (over 3, 600 distinct users) 13-month real-world user study and post-study survey. The study, conducted at a large public university, was based on a live account creation and password recovery service with currently prevalent captcha type: reCAPTCHAv2. Results show that, with more attempts, users improve in solving checkbox challenges. For website developers and user study designers, results indicate that the website context directly influences (with statistically significant differences) solving time between password recovery and account creation. We consider the impact of participants' major and education level, showing that certain majors exhibit better performance, while, in general, education level has a direct impact on solving time. Unsurprisingly, we discover that participants find image challenges to be annoying, while checkbox challenges are perceived as easy. We also show that, rated via System Usability Scale (SUS), image tasks are viewed as "OK", while checkbox tasks are viewed as "good". We explore the cost and security of reCAPTCHAv2 and conclude that it has an immense cost and no security. Overall, we believe that this study's results prompt a natural conclusion: reCAPTCHAv2 and similar reCAPTCHA technology should be deprecated.
Related papers
- Breaking reCAPTCHAv2 [20.706469085872516]
We evaluate the effectiveness of automated systems in solving captchas by utilizing advanced YOLO models for image segmentation and classification.
Our findings suggest that there is no significant difference in the number of challenges humans and bots must solve to pass the captchas in reCAPTCHAv2.
arXiv Detail & Related papers (2024-09-13T13:47:12Z) - User Perception of CAPTCHAs: A Comparative Study between University and Internet Users [13.708749758175575]
We surveyed over 250 participants from a university campus and Amazon Mechanical Turk.
We found that users struggle to navigate current CAPTCHA challenges due to increasing difficulty levels.
Participants expressed concerns about the reliability and security of these systems.
arXiv Detail & Related papers (2024-05-28T19:28:04Z) - Nudging Users to Change Breached Passwords Using the Protection Motivation Theory [58.87688846800743]
We draw on the Protection Motivation Theory (PMT) to design nudges that encourage users to change breached passwords.
Our study contributes to PMT's application in security research and provides concrete design implications for improving compromised credential notifications.
arXiv Detail & Related papers (2024-05-24T07:51:15Z) - A Survey of Adversarial CAPTCHAs on its History, Classification and
Generation [69.36242543069123]
We extend the definition of adversarial CAPTCHAs and propose a classification method for adversarial CAPTCHAs.
Also, we analyze some defense methods that can be used to defend adversarial CAPTCHAs, indicating potential threats to adversarial CAPTCHAs.
arXiv Detail & Related papers (2023-11-22T08:44:58Z) - Online Corrupted User Detection and Regret Minimization [49.536254494829436]
In real-world online web systems, multiple users usually arrive sequentially into the system.
We present an important online learning problem named LOCUD to learn and utilize unknown user relations from disrupted behaviors.
We devise a novel online detection algorithm OCCUD based on RCLUB-WCU's inferred user relations.
arXiv Detail & Related papers (2023-10-07T10:20:26Z) - Vulnerability analysis of captcha using Deep learning [0.0]
This research investigates the flaws and vulnerabilities in the CAPTCHA generating systems.
To achieve this, we created CapNet, a Convolutional Neural Network.
The proposed platform can evaluate both numerical and alphanumerical CAPTCHAs
arXiv Detail & Related papers (2023-02-18T17:45:11Z) - Unsupervised Person Re-Identification: A Systematic Survey of Challenges
and Solutions [64.68497473454816]
Unsupervised person Re-ID has drawn increasing attention for its potential to address the scalability issue in person Re-ID.
Unsupervised person Re-ID is challenging primarily due to lacking identity labels to supervise person feature learning.
This survey review recent works on unsupervised person Re-ID from the perspective of challenges and solutions.
arXiv Detail & Related papers (2021-09-01T00:01:35Z) - Robust Text CAPTCHAs Using Adversarial Examples [129.29523847765952]
We propose a user-friendly text-based CAPTCHA generation method named Robust Text CAPTCHA (RTC)
At the first stage, the foregrounds and backgrounds are constructed with randomly sampled font and background images.
At the second stage, we apply a highly transferable adversarial attack for text CAPTCHAs to better obstruct CAPTCHA solvers.
arXiv Detail & Related papers (2021-01-07T11:03:07Z) - Detection of Novel Social Bots by Ensembles of Specialized Classifiers [60.63582690037839]
Malicious actors create inauthentic social media accounts controlled in part by algorithms, known as social bots, to disseminate misinformation and agitate online discussion.
We show that different types of bots are characterized by different behavioral features.
We propose a new supervised learning method that trains classifiers specialized for each class of bots and combines their decisions through the maximum rule.
arXiv Detail & Related papers (2020-06-11T22:59:59Z) - Deceiving computers in Reverse Turing Test through Deep Learning [0.0]
Almost every website and service providers today have the process of checking whether their website is being crawled or not by automated bots.
The aim of this investigation is to check whether the use of a subset of commonly used CAPTCHAs, known as the text CAPTCHA is a reliable process for verifying their human customers.
arXiv Detail & Related papers (2020-06-01T10:11:42Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.