Security and User Experience: A Holistic Model for CAPTCHA Usability Issues
Jayalakshmi Raman, University of North Florida
Karthikeyan Umapathy, University of North Florida
Haiyan Huang, Flagler College
March 23, 2018, Atlanta, GA
2018 Southern Association for Information Systems (SAIS) Annual Conference
CAPTCHA
Completely Automated Public Turing tests to tell Computers and Humans Apart
A program that can distinguish humans from bots.
Picture source: https://www.letsnurture.com/blog/8-widely-used-captcha-examples.html
CAPTCHAs are Human Interaction Proofs
• A CAPTCHA is designed as a challenge-response test that is:
  • Simple enough for humans
  • But hard for bots
• These tests are typically visual challenges, because computers lack the human eye's ability to process patterns.
• CAPTCHA design involves picking a random string of characters (in the case of text-based CAPTCHAs) and rendering it into a distorted image.
  Example: HAT8M
Purpose of CAPTCHAs
• Websites that let visitors comment, register, sign up, or post content are exposed to attacks from spam robots.
• The harmful effects of these malicious programs extend to extracting private data, spamming web forms, and swaying polls on websites.
• The purpose of a CAPTCHA is to identify and block malicious bots that may spam and/or make unauthorized use of websites.
• CAPTCHAs are designed as the gateways of websites, granting access to “legitimate” site visitors.
• CAPTCHA is widely adopted as a defense mechanism across commercial websites to determine whether a potential user is a human.
Source: http://ui-patterns.com/patterns/Captcha
Type of CAPTCHAs
• Text-based (images of distorted text)
• Image-based (set of images with patterns among them)
• Audio-based (distorted sound clips)
• Math-based (basic math problems)
• 3D CAPTCHAs (animated texts or verification code)
• Puzzle-based (gamified puzzle solvers)
Source: https://www.letsnurture.com/blog/8-widely-used-captcha-examples.html, http://www.bespecular.com/blog/accessibility-of-captchas/
Usability Issues of CAPTCHAs
• The usability of CAPTCHAs contributes significantly to the quality of the user experience one obtains from a website.
• With the advent of machine learning algorithms, deep learning techniques, and pattern recognition algorithms, bots are getting better at reading CAPTCHAs.
• As a result, additional features are incorporated into the design of CAPTCHAs to make the tests harder for bots to pass.
• Improved CAPTCHAs are sometimes considered to interfere with usability and productivity because of their cumbersome nature.
Research Problem
• There is a limited amount of research on CAPTCHAs.
• As CAPTCHAs are a widespread security measure encountered by most Internet users, it is important to study state-of-the-art CAPTCHA schemes and the related usability issues.
• This research focuses on the usability factor in the domain of CAPTCHAs.
• The aim of this research is to develop a holistic framework that can shed light on how to design effective and highly usable CAPTCHAs.
  • This framework is developed based on empirical facts claimed in the literature, thus serving as an evaluation model for future CAPTCHA designs.
Research Methodology
• The aim of this research is to find the balance between usability and security in CAPTCHAs.
  • Conduct a comprehensive study to gain an in-depth understanding of users' view of CAPTCHA.
  • Develop a holistic model that would in turn help in designing an effective and adoptable CAPTCHA.
• We used a qualitative method proposed by Jabareen (2009) for conducting a systematic study of the phenomena of interest and building the conceptual framework based on the analyzed concepts.
  • A thorough understanding of the relevant concepts is essential to gain a comprehensive understanding of the phenomena and to develop the framework.
• Empirical evidence on the practical issues confronted by users when solving a CAPTCHA challenge was collected from findings reported in the peer-reviewed literature.
• Through review of the literature, we gathered evidence to form the basis for developing a list of applicable usability features and concerns. These identified features and concerns laid the foundations for developing the holistic model of CAPTCHA usability.
Phases for Building Conceptual Framework
The conceptual framework analysis procedure consists of the following steps:
1. Conduct extensive and systematic literature review on the phenomenon to identify relevant literature
2. Reading and analyzing identified literature
3. Discover relevant concepts about the phenomenon from literature
4. Deconstruct and categorize the concepts
5. Integrate and group concepts based on similarities
6. Synthesize and re-synthesize concept groupings to build a holistic framework that helps in making sense of the phenomenon
7. Validate the holistic framework by presenting to stakeholders
8. Rethink the holistic framework to keep it up to date
Holistic Model of CAPTCHA Usability
[Diagram: Usability of CAPTCHA, with its concepts and their attributes]
• Content Genericity: Language; Culture and familiarity; User and CAPTCHA types
• Presentation: Color Schemes; Standardized Scheme; Distortion Rate; Device Type
• Complexity: Error Rate; Response Time; Learnability and ease of use; Type of Input
Legend: Concepts and Attributes. Different colors are used to distinguish concepts.
Content Genericity
• CAPTCHA challenge tests must be generic enough to allow a varied set of users to take these challenges regardless of their geography, culture, or content knowledge.
Language
• English-language-based challenges can pose barriers for non-English users trying to solve the test.
• Recommend using generic content such as mathematical or image schemas.
User and CAPTCHA types
• Challenge tests must abide by the W3C Web Accessibility Initiative Guidelines.
• Alternative options to solve challenge tests must be provided.
Culture and familiarity
• General knowledge varies across geographic and cultural regions.
• Combined with language barriers, these challenges can be unsolvable for some.
• Recommend using animal images, geometric shapes, or other simple entities that are globally recognized.
Presentation
• The presentation of challenge-response test schemes plays a vital role in the learning and usability of CAPTCHAs.
Color Schemes
• Colors can facilitate recognition, help the user focus on objects, and get the user's attention.
• However, color variations can complicate the readability of CAPTCHAs.
• Recommend using simple color schemes; avoiding color schemes altogether can also accomplish the job effectively.
Standardized Scheme
• Variations in CAPTCHA schemes can demand substantial effort from users to learn and solve the challenge tests.
• Since there is no single standard in use currently, designers can opt for the most popular choice of CAPTCHA scheme to ensure familiarity among users.
• Recommend designing hybrid schemes that are easy for humans but harder for bots.
Presentation (contd.)
Distortion Rate
• Excessive application of distortion and/or noise will make it hard for humans to detect patterns as well.
• Recommend applying a limited amount of distortion.
Device Type
• Mobile users prefer touch inputs over audio.
• The presentation of a CAPTCHA can differ between mobile and desktop machines.
• Recommend taking screen size and input mediums into consideration before presenting a CAPTCHA challenge.
Complexity
• Due to advancements in computer vision and machine learning, CAPTCHA challenge complexity has been increased, sacrificing usability.
Error Rate
• Studies indicate that, despite users being familiar with CAPTCHAs, only 48% of the users were able to solve the CAPTCHA challenge in their first try.
• Every further attempt is an inconvenience to both the user and the system.
• Recommend designing challenges that can be solved by humans in one or two attempts.
Response Time
• Response time is the time taken by users to solve a CAPTCHA challenge.
• When complexity is increased, users spend a considerable amount of time solving the problem or need additional aids to solve it.
• Recommend designing CAPTCHAs that can be solved within 10 seconds in the first attempt, if not 20 seconds for multiple attempts.
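An added example, not from the slides: scoring CAPTCHA solve telemetry per scheme against the attempt and response-time targets recommended above and the 48% first-try figure. The log records and field names are constructed, and reading "20 seconds for multiple attempts" as cumulative time per session is an assumption.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import median

# Targets quoted from the slide; turning them into pass/fail rules is an assumption.
MAX_ATTEMPTS = 2            # "solved by humans in one or two attempts"
FIRST_TRY_SECONDS = 10.0    # "within 10 seconds in first attempt"
MULTI_TRY_SECONDS = 20.0    # "20 seconds for multiple attempts" (read as cumulative)
REPORTED_FIRST_TRY = 0.48   # first-try solve rate cited on the slide


@dataclass(frozen=True)
class Attempt:
    session: str     # one visitor at one CAPTCHA gate (hypothetical field names)
    scheme: str      # CAPTCHA type shown, e.g. "text" or "image"
    seconds: float   # time spent on this attempt
    solved: bool


def session_outcomes(attempts):
    """Fold a chronological attempt log into one outcome per (scheme, session)."""
    grouped = defaultdict(list)
    for a in attempts:
        grouped[(a.scheme, a.session)].append(a)
    outcomes = []
    for (scheme, session), tries in grouped.items():
        used, elapsed, solved = 0, 0.0, False
        for t in tries:
            if solved:
                break  # records logged after the solve are not extra attempts
            used += 1
            elapsed += t.seconds
            solved = t.solved
        budget = FIRST_TRY_SECONDS if used == 1 else MULTI_TRY_SECONDS
        outcomes.append({
            "scheme": scheme, "session": session,
            "attempts": used, "seconds": elapsed, "solved": solved,
            "in_attempt_budget": solved and used <= MAX_ATTEMPTS,
            "in_time_budget": solved and elapsed <= budget,
        })
    return outcomes


def summarize(attempts):
    """Per-scheme error-rate and response-time metrics; unsolved sessions count as failures."""
    per_scheme = defaultdict(list)
    for o in session_outcomes(attempts):
        per_scheme[o["scheme"]].append(o)
    report = {}
    for scheme, rows in per_scheme.items():
        n = len(rows)
        solved = [r for r in rows if r["solved"]]
        report[scheme] = {
            "sessions": n,
            "first_try_rate": sum(r["solved"] and r["attempts"] == 1 for r in rows) / n,
            "attempt_budget_rate": sum(r["in_attempt_budget"] for r in rows) / n,
            "time_budget_rate": sum(r["in_time_budget"] for r in rows) / n,
            "abandoned": n - len(solved),
            "median_solve_seconds": median(r["seconds"] for r in solved) if solved else None,
        }
    return report


def below_reported_first_try(report):
    """Schemes whose first-try solve rate is under the 48% figure cited on the slide."""
    return sorted(s for s, m in report.items() if m["first_try_rate"] < REPORTED_FIRST_TRY)


# Constructed sample log, in chronological order (not real measurements).
SAMPLE = [
    Attempt("s1", "text", 7.0, True),
    Attempt("s2", "text", 14.0, False), Attempt("s2", "text", 9.0, True),
    Attempt("s3", "text", 12.0, False), Attempt("s3", "text", 11.0, False),
    Attempt("s3", "text", 8.0, True),
    Attempt("s4", "text", 15.0, False), Attempt("s4", "text", 16.0, False),
    Attempt("s5", "image", 6.0, True), Attempt("s5", "image", 2.0, True),  # duplicate submit
    Attempt("s6", "image", 9.5, True),
    Attempt("s7", "image", 8.0, False), Attempt("s7", "image", 7.0, True),
    Attempt("s8", "image", 11.0, True),
]

if __name__ == "__main__":
    for scheme, metrics in sorted(summarize(SAMPLE).items()):
        print(scheme, metrics)
    print("below 48% first-try:", below_reported_first_try(summarize(SAMPLE)))
```

Abandoned sessions stay in every denominator, so a scheme cannot look more usable simply because frustrated users gave up before solving it.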
Complexity (contd.)
Learnability and ease of use
• For complex challenges, users must be able to learn and adapt to the test from their trial and quickly complete it in the next consecutive trials.
• Recommend designing challenges that have a lower learning curve with regard to identifying patterns and solving the tests.
Type of Input
• Studies show users prefer mouse inputs over keyboard and touch over voice inputs.
• Recommend using mouse-input-based challenges when accessing sites on desktop and touch inputs when accessing sites using mobile devices.
Conclusion
• CAPTCHA is a widely used security measure designed to distinguish humans from bots, in order to prevent unauthorized access to websites that would result in exploitation of Web resources.
• Contributions
  • A holistic model that captures usability and CAPTCHA design factors.
  • The holistic model can help designers and researchers make sense of the challenges associated with balancing the effectiveness and the usability of CAPTCHAs.
• Limitations
  • The study is based on secondary empirical evidence on the usability of CAPTCHA.
  • While we attempted a systematic review of the literature, the peer-reviewed articles found were limited by the search terms used.
• The holistic model raises awareness of the most crucial characteristics of a CAPTCHA that provides a good user experience.
Thank You!
Designing CAPTCHA
• CAPTCHA design involves picking a random string of characters (in the case of text-based CAPTCHAs) and rendering it into a distorted image.
  Example: HAT8M
[Figure: Inner workings of a CAPTCHA. Source: Banday and Shah 2011, https://arxiv.org/ftp/arxiv/papers/1112/1112.5605.p]
Holistic Model a.k.a. Conceptual Model
• A conceptual model is a product of systematic qualitative analysis of multidisciplinary knowledge sources, performed to gain a better understanding of a phenomenon.
• A conceptual model:
  • is a set of interrelated concepts that together provide a comprehensive understanding of a phenomenon
  • articulates 'the nature of reality' within a phenomenon
  • explains 'how things really work' within a phenomenon
• A concept consists of a set of attributes that define it.
• Every concept stands in relation to the phenomenon under study, to other relevant concepts, and to its own attributes.
• Concepts and attributes are identified through a systematic synthesis of findings from multiple bodies of knowledge, such as peer-reviewed research articles.
More Related Content

Similar to Security and User Experience: A Holistic Model for CAPTCHA Usability Issues

CAPTCHA(Image Verification Code)
CAPTCHA(Image Verification Code)CAPTCHA(Image Verification Code)
CAPTCHA(Image Verification Code)
Abhimanyu Sood
 
Captcha Seminar report 2014 pdf
Captcha Seminar report 2014 pdfCaptcha Seminar report 2014 pdf
Captcha Seminar report 2014 pdf
Ganesh Dhage
 
Captcha Seminar report 2014
Captcha Seminar report 2014Captcha Seminar report 2014
Captcha Seminar report 2014
Ganesh Dhage
 

Similar to Security and User Experience: A Holistic Model for CAPTCHA Usability Issues (20)

A FRAMEWORK FOR DEVANAGARI SCRIPT-BASED CAPTCHA
A FRAMEWORK FOR DEVANAGARI SCRIPT-BASED CAPTCHA A FRAMEWORK FOR DEVANAGARI SCRIPT-BASED CAPTCHA
A FRAMEWORK FOR DEVANAGARI SCRIPT-BASED CAPTCHA
 
Human Computer Interface -l2.pdf
Human Computer Interface -l2.pdfHuman Computer Interface -l2.pdf
Human Computer Interface -l2.pdf
 
Demonstrated Deep Learning Techniques for the Resolution of CAPTCHA images
Demonstrated Deep Learning Techniques for the Resolution of CAPTCHA imagesDemonstrated Deep Learning Techniques for the Resolution of CAPTCHA images
Demonstrated Deep Learning Techniques for the Resolution of CAPTCHA images
 
CAPTCHA(Image Verification Code)
CAPTCHA(Image Verification Code)CAPTCHA(Image Verification Code)
CAPTCHA(Image Verification Code)
 
A Survey of Current Research on CAPTCHA
A Survey of Current Research on CAPTCHAA Survey of Current Research on CAPTCHA
A Survey of Current Research on CAPTCHA
 
Advanced Captcha Report
Advanced Captcha ReportAdvanced Captcha Report
Advanced Captcha Report
 
A BENCHMARK FOR DESIGNING USABLE AND SECURE TEXT-BASED CAPTCHAS
A BENCHMARK FOR DESIGNING USABLE AND SECURE TEXT-BASED CAPTCHASA BENCHMARK FOR DESIGNING USABLE AND SECURE TEXT-BASED CAPTCHAS
A BENCHMARK FOR DESIGNING USABLE AND SECURE TEXT-BASED CAPTCHAS
 
A BENCHMARK FOR DESIGNING USABLE AND SECURE TEXT-BASED CAPTCHAS
A BENCHMARK FOR DESIGNING USABLE AND SECURE TEXT-BASED CAPTCHASA BENCHMARK FOR DESIGNING USABLE AND SECURE TEXT-BASED CAPTCHAS
A BENCHMARK FOR DESIGNING USABLE AND SECURE TEXT-BASED CAPTCHAS
 
Captcha Seminar report 2014 pdf
Captcha Seminar report 2014 pdfCaptcha Seminar report 2014 pdf
Captcha Seminar report 2014 pdf
 
Captcha
CaptchaCaptcha
Captcha
 
IRJET- Different Implemented Captchas and Breaking Methods
IRJET- Different Implemented Captchas and Breaking MethodsIRJET- Different Implemented Captchas and Breaking Methods
IRJET- Different Implemented Captchas and Breaking Methods
 
Captchas
CaptchasCaptchas
Captchas
 
Captcha seminar report
Captcha seminar reportCaptcha seminar report
Captcha seminar report
 
Captcha Seminar report 2014
Captcha Seminar report 2014Captcha Seminar report 2014
Captcha Seminar report 2014
 
IRJET-PLC and SCADA based Distribution and Substation Automation
IRJET-PLC and SCADA based Distribution and Substation AutomationIRJET-PLC and SCADA based Distribution and Substation Automation
IRJET-PLC and SCADA based Distribution and Substation Automation
 
Video Captcha as a Graphical Password
Video Captcha as a Graphical PasswordVideo Captcha as a Graphical Password
Video Captcha as a Graphical Password
 
Research trends on CAPTCHA: A systematic literature
Research trends on CAPTCHA: A systematic literature Research trends on CAPTCHA: A systematic literature
Research trends on CAPTCHA: A systematic literature
 
An Optimized System to Solve Text-Based Captcha
An Optimized System to Solve Text-Based CaptchaAn Optimized System to Solve Text-Based Captcha
An Optimized System to Solve Text-Based Captcha
 
A Survey of Comparative Analysis of Secure Passwords using CaRP by Different ...
A Survey of Comparative Analysis of Secure Passwords using CaRP by Different ...A Survey of Comparative Analysis of Secure Passwords using CaRP by Different ...
A Survey of Comparative Analysis of Secure Passwords using CaRP by Different ...
 
Seminar Report Mine
Seminar Report MineSeminar Report Mine
Seminar Report Mine
 

More from Karthikeyan Umapathy

Systematic Literature Review and Research Model to Examine Data Analytics Ado...
Systematic Literature Review and Research Model to Examine Data Analytics Ado...Systematic Literature Review and Research Model to Examine Data Analytics Ado...
Systematic Literature Review and Research Model to Examine Data Analytics Ado...
Karthikeyan Umapathy
 
Finding Insights in Florida Voter Participation
Finding Insights in Florida Voter ParticipationFinding Insights in Florida Voter Participation
Finding Insights in Florida Voter Participation
Karthikeyan Umapathy
 
Identifying Communities with Opportunities for Positive Youth Development
Identifying Communities with Opportunities for Positive Youth DevelopmentIdentifying Communities with Opportunities for Positive Youth Development
Identifying Communities with Opportunities for Positive Youth Development
Karthikeyan Umapathy
 
Profiling Florida Voter Participation
Profiling Florida Voter ParticipationProfiling Florida Voter Participation
Profiling Florida Voter Participation
Karthikeyan Umapathy
 
Developing a GIS Dashboard Tool to Inform Non-Profit Hospitals of Community H...
Developing a GIS Dashboard Tool to Inform Non-Profit Hospitals of Community H...Developing a GIS Dashboard Tool to Inform Non-Profit Hospitals of Community H...
Developing a GIS Dashboard Tool to Inform Non-Profit Hospitals of Community H...
Karthikeyan Umapathy
 
A Research Plan to Study Impact of a Collaborative Web Search Tool on Novice'...
A Research Plan to Study Impact of a Collaborative Web Search Tool on Novice'...A Research Plan to Study Impact of a Collaborative Web Search Tool on Novice'...
A Research Plan to Study Impact of a Collaborative Web Search Tool on Novice'...
Karthikeyan Umapathy
 

More from Karthikeyan Umapathy (20)

2023 FL-DSSG - Big Reveal Slides
2023 FL-DSSG - Big Reveal Slides2023 FL-DSSG - Big Reveal Slides
2023 FL-DSSG - Big Reveal Slides
 
Systematic Literature Review and Research Model to Examine Data Analytics Ado...
Systematic Literature Review and Research Model to Examine Data Analytics Ado...Systematic Literature Review and Research Model to Examine Data Analytics Ado...
Systematic Literature Review and Research Model to Examine Data Analytics Ado...
 
Finding Insights in Florida Voter Participation
Finding Insights in Florida Voter ParticipationFinding Insights in Florida Voter Participation
Finding Insights in Florida Voter Participation
 
A Systematic Review of Affordable Homeownership using Data Science Methods
A Systematic Review of Affordable Homeownership using Data Science MethodsA Systematic Review of Affordable Homeownership using Data Science Methods
A Systematic Review of Affordable Homeownership using Data Science Methods
 
Identifying Communities with Opportunities for Positive Youth Development
Identifying Communities with Opportunities for Positive Youth DevelopmentIdentifying Communities with Opportunities for Positive Youth Development
Identifying Communities with Opportunities for Positive Youth Development
 
2022 Florida Data Science for Social Good (FL-DSSG) Big Reveal Slides
2022 Florida Data Science for Social Good (FL-DSSG) Big Reveal  Slides2022 Florida Data Science for Social Good (FL-DSSG) Big Reveal  Slides
2022 Florida Data Science for Social Good (FL-DSSG) Big Reveal Slides
 
Longitudinal Study on the Generational Impacts of Habitat for Humanity: A Res...
Longitudinal Study on the Generational Impacts of Habitat for Humanity: A Res...Longitudinal Study on the Generational Impacts of Habitat for Humanity: A Res...
Longitudinal Study on the Generational Impacts of Habitat for Humanity: A Res...
 
Profiling Florida Voter Participation
Profiling Florida Voter ParticipationProfiling Florida Voter Participation
Profiling Florida Voter Participation
 
2021 Florida Data Science for Social Good Big Reveal
2021 Florida Data Science for Social Good Big Reveal2021 Florida Data Science for Social Good Big Reveal
2021 Florida Data Science for Social Good Big Reveal
 
2020 Florida Data Science for Social Good Big Reveal
2020 Florida Data Science for Social Good Big Reveal2020 Florida Data Science for Social Good Big Reveal
2020 Florida Data Science for Social Good Big Reveal
 
Dashboard for Extracting Regional Insights and Ranking Food Deserts in Northe...
Dashboard for Extracting Regional Insights and Ranking Food Deserts in Northe...Dashboard for Extracting Regional Insights and Ranking Food Deserts in Northe...
Dashboard for Extracting Regional Insights and Ranking Food Deserts in Northe...
 
Developing a GIS Dashboard Tool to Inform Non-Profit Hospitals of Community H...
Developing a GIS Dashboard Tool to Inform Non-Profit Hospitals of Community H...Developing a GIS Dashboard Tool to Inform Non-Profit Hospitals of Community H...
Developing a GIS Dashboard Tool to Inform Non-Profit Hospitals of Community H...
 
Collaborative Community Engagement: Bringing Data Science to Societal Challen...
Collaborative Community Engagement: Bringing Data Science to Societal Challen...Collaborative Community Engagement: Bringing Data Science to Societal Challen...
Collaborative Community Engagement: Bringing Data Science to Societal Challen...
 
2019 Florida Data Science for Social Good (FL-DSSG) Big Reveal
2019 Florida Data Science for Social Good (FL-DSSG) Big Reveal2019 Florida Data Science for Social Good (FL-DSSG) Big Reveal
2019 Florida Data Science for Social Good (FL-DSSG) Big Reveal
 
2018 Academy Health Annual Research Meeting Poster
2018 Academy Health Annual Research Meeting Poster2018 Academy Health Annual Research Meeting Poster
2018 Academy Health Annual Research Meeting Poster
 
2018 Florida Data Science for Social Good (FL-DSSG) Big Reveal Presentation
2018 Florida Data Science for Social Good (FL-DSSG) Big Reveal Presentation2018 Florida Data Science for Social Good (FL-DSSG) Big Reveal Presentation
2018 Florida Data Science for Social Good (FL-DSSG) Big Reveal Presentation
 
2017 Florida Data Science for Social Good Big Reveal
2017 Florida Data Science for Social Good Big Reveal2017 Florida Data Science for Social Good Big Reveal
2017 Florida Data Science for Social Good Big Reveal
 
A Research Plan to Study Impact of a Collaborative Web Search Tool on Novice'...
A Research Plan to Study Impact of a Collaborative Web Search Tool on Novice'...A Research Plan to Study Impact of a Collaborative Web Search Tool on Novice'...
A Research Plan to Study Impact of a Collaborative Web Search Tool on Novice'...
 
UNF Computing Senior Capstone Project
UNF Computing Senior Capstone ProjectUNF Computing Senior Capstone Project
UNF Computing Senior Capstone Project
 
Leveraging Service Computing and Big Data Analytics for E-Commerce
Leveraging Service Computing and Big Data Analytics for E-CommerceLeveraging Service Computing and Big Data Analytics for E-Commerce
Leveraging Service Computing and Big Data Analytics for E-Commerce
 

Recently uploaded

Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
UXDXConf
 

Recently uploaded (20)

Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdf
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoft
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
 
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024   Teams Premium - Pretty SecureECS 2024   Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101
 
The UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, OcadoThe UX of Automation by AJ King, Senior UX Researcher, Ocado
The UX of Automation by AJ King, Senior UX Researcher, Ocado
 

Security and User Experience: A Holistic Model for CAPTCHA Usability Issues

  • 1. Security and User Experience: A Holistic Model for CAPTCHA Usability Issues Jayalakshmi Raman, University of North Florida Karthikeyan Umapathy, University of North Florida Haiyan Huang, Flagler College March 23, 2018 Atlanta, GA 2018 Southern Association for Information Systems (SAIS) Annual Conference
  • 2. CAPTCHA Completely Automated Public Turing tests to tell Computers and Humans Apart A program that can distinguish humans from bots. Picture source: https://www.letsnurture.com/blog/8-widely-used-captcha-examples.html
  • 3. CAPTCHAs are Human Interaction Proofs  CAPTCHA is designed as a challenge response test, that is,  Simple enough for humans  But hard for the bots  These tests are typically a visual challenge as computers lack the ability human eyes have, to process patterns.  CAPTCHA design involves picking random string of characters (in case of text-based CAPTCHAs) rendering into a distorted image. HAT8M
  • 4. Purpose of CAPTCHAs  Websites featuring ability for visitors to comment, register, signup, or post contents are exposed to attacks from spam-robots.  These malicious program’s harmful effects extend to extracting private data, spamming web forms, and swaying polls in websites.  The purpose of CAPTCHA is to identify and block malicious bots that may spam and/or make unauthorized use of websites.  CAPCTHAs are designed as the gateways of websites to grant the access to “legitimate” site visitors.  CAPTCHA is widely adopted as a defense mechanism across commercial websites to determine whether a potential user is a human. Source: http://ui-patterns.com/patterns/Captcha
  • 5. Type of CAPTCHAs Text-based (Images of distorted text) Image-based (Set of images with patterns among them) Source: https://www.letsnurture.com/blog/8-widely-used-captcha-examples.html, http://www.bespecular.com/blog/accessibility-of-captchas/ Audio-based (Distorted sound clips) Math-based (Basic math problems) 3D CAPTCHAs (animated texts or verification code) Puzzle-based (Gamified puzzle solvers)
  • 6. Usability Issues of CAPTCHAs  Usability of CAPTCHAs contributes significantly to the quality of user experience one obtains from the website.  With the advent of machine learning algorithms, deep learning techniques and pattern recognition algorithms; bots are getting better at reading CAPTCHAs.  As a result, some additional features are incorporated into the design of CAPTCHAs to make the tests harder for bots to pass.  Improved CAPTCHAs sometimes are considered to be interfering with usability and productivity because of their cumbersome nature.
  • 7. Research Problem  Limited amount of research studies on CAPTCHAs.  As a widespread security measure encountered by most Internet users, it is important to study CAPTCHAs state-of-the-art schemes and the related usability issues.  This research focuses on the usability factor in the domain of CAPTCHAs.  The aim of this research is to develop a holistic framework that can shed light on how to design effective and highly usable CAPTCHAs.  This framework is developed based on empirical facts claimed in literature thus serving as a model for evaluation for future CAPTCHA designs.
  • 8. Research Methodology  The aim of this research is to find the balance between usability and security in CAPTCHAs.  Conduct a comprehensive study to gain an in-depth understanding of user’s view of CAPTCHA.  Develop a holistic model that would in turn help in designing an effective and adoptable CAPTCHA.  We used a qualitative method proposed by Jabareen (2009) for conducting systematic study of the phenomena of interest and building the conceptual framework based on the analyzed concepts.  A thorough understanding of relevant concepts are essential to gain comprehensive understanding of the phenomena and to develop the framework.  Empirical evidence on the practical issues confronted by users when solving CAPTCHA challenge was collected from findings reported in the peer- reviewed literature.  Thorough review of literature, we gathered evidences to form the basis for developing a list of applicable usability features and concerns. These identified features and concerns laid the foundations for developing the holistic model of CAPTCHA usability.
  • 9. Phases for Building Conceptual Framework Conceptual framework analysis procedure consists of following steps: 1. Conduct extensive and systematic literature review on the phenomenon to identify relevant literature 2. Reading and analyzing identified literature 3. Discover relevant concepts about the phenomenon from literature 4. Deconstruct and categorize the concepts 5. Integrate and group concepts based on similarities 6. Synthesize and re-synthesize concept groupings to build a holistic framework that helps in making sense of the phenomenon 7. Validate the holistic framework by presenting to stakeholders 8. Rethink the holistic framework to keep it up to date
  • 10. Holistic Model of CAPTCHA Usability Usability of CAPTCHA Complexity Content Genericity Presentation Type of Input Learnability and ease of use Response Time Error Rate User and CAPTCHA types Culture and familiarity Language Device Type Distortion Rate Standardized Scheme Color Schemes Legends (*): ConceptsAttributes * Different colors are used to distinguish concepts
  • 11. Content Genericity  CAPTCHA challenge tests must be generic enough to allow varied set of users to take these challenges regardless of their geographic, culture, or content knowledge.  English language based challenges can pose barriers for non-English users to solve the test.  Recommend using generic contents like mathematical or image schema. Language  Challenge tests must abide by W3C Web Accessibility Initiative Guidelines.  Alternative options to solve challenge tests must be provided.  General knowledge varies across geographically and cultural regions.  Combined with language barriers, these challenges can be unsolvable for some.  Recommend using animal images, geometric shapes, or other simple entities that are globally recognized. Culture and familiarity User and CAPTCHA types
  • 12. Presentation
      • Presentation of challenge-response test schemes plays a vital role in the learning and usability of CAPTCHAs.
      Color Schemes
      • Colors can facilitate recognition, help the user focus on objects, and get the user's attention.
      • However, color variations can complicate the readability of CAPTCHAs.
      • Recommend using simple color schemes; avoiding color schemes altogether can also accomplish the job effectively.
      Standardized Scheme
      • Variations in CAPTCHA schemes can demand substantial effort from users to learn and solve the challenge tests.
      • Since there is no single standard in use currently, designers can opt for the most popular choice of CAPTCHA scheme to ensure familiarity among users.
      • Recommend designing hybrid schemes that are easy for humans but harder for bots.
  • 13. Presentation (contd.)
      Distortion Rate
      • Excessive application of distortion and/or noise will make it hard for humans to detect patterns as well.
      • Recommend applying a limited amount of distortion.
      Device Type
      • Mobile users prefer touch inputs over audio.
      • Presentation of a CAPTCHA can differ between mobile and desktop machines.
      • Recommend taking screen size and input mediums into consideration before presenting the CAPTCHA challenge.
  • 14. Complexity
      • Due to advancements in computer vision and machine learning, CAPTCHA challenge complexity has been increased, sacrificing usability.
      Error Rate
      • Studies indicate that, despite users being familiar with CAPTCHAs, only 48% of users were able to solve the CAPTCHA challenge on their first try.
      • Every additional attempt is an inconvenience to the user and the system.
      • Recommend designing challenges that can be solved by humans in one or two attempts.
      Response Time
      • Response time is the time taken by users to solve a CAPTCHA challenge.
      • When complexity is increased, users spend a considerable amount of time solving the problem or need additional aids to solve it.
      • Recommend designing CAPTCHAs that can be solved within 10 seconds on the first attempt, if not within 20 seconds for multiple attempts.
  • 15. Complexity (contd.)
      Learnability and ease of use
      • For complex challenges, users must be able to learn and adapt to the test from their trial and quickly complete it in subsequent trials.
      • Recommend designing challenges that have a lower learning curve with regard to identifying patterns and solving the tests.
      Type of Input
      • Studies show users prefer mouse inputs over keyboard inputs and touch inputs over voice inputs.
      • Recommend using mouse-input-based challenges when sites are accessed on desktops and touch inputs when sites are accessed on mobile devices.
  • 16. Conclusion
      • CAPTCHA is a widely used security measure designed to distinguish humans from bots, in order to prevent unauthorized access to websites that would result in exploitation of Web resources.
      Contributions
      • A holistic model that captures usability and CAPTCHA design factors.
      • The holistic model can help designers and researchers make sense of the challenges associated with balancing the effectiveness and the usability of CAPTCHAs.
      Limitations
      • The study is based on secondary empirical evidence on the usability of CAPTCHA.
      • While we attempted a systematic review of the literature, the peer-reviewed articles found were limited by the search terms used.
      • The holistic model raises awareness of the most crucial characteristics of a CAPTCHA that provides a good user experience.
  • 18. Designing CAPTCHA
      • CAPTCHA design involves picking a random string of characters (in the case of text-based CAPTCHAs) and rendering it into a distorted image, e.g. HAT8M.
      • Inner workings of a CAPTCHA
      Source: Banday and Shah 2011, https://arxiv.org/ftp/arxiv/papers/1112/1112.5605.p
  • 19. Holistic Model a.k.a. Conceptual Model
      • A conceptual model is a product of systematic qualitative analysis of multidisciplinary knowledge sources, performed to gain a better understanding of a phenomenon.
      • A conceptual model:
          • consists of interrelated concepts that together provide a comprehensive understanding of a phenomenon
          • articulates 'the nature of reality' within a phenomenon
          • explains 'how things really work' within a phenomenon
      • A concept consists of a set of attributes that define it.
      • Every concept stands in relation to the phenomenon under study, to other relevant concepts, and to its own attributes.
      • Concepts and attributes are identified through a systematic synthesis of findings from multiple bodies of knowledge, such as peer-reviewed research articles.
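The error-rate and response-time recommendations on slide 14 can be checked against a site's own CAPTCHA solve telemetry, broken down by the device types from slide 13. The following is an added example, not part of the original presentation: the record layout and names are assumptions, the 20-second figure is read as total time across attempts (an assumption), and the sample records are constructed.

```python
from collections import defaultdict
from statistics import median

# Thresholds taken from the slides' recommendations.
FIRST_TRY_MAX_S = 10.0   # solvable within 10 s on the first attempt
MULTI_TRY_MAX_S = 20.0   # assumed: total time when more than one attempt is needed
MAX_ATTEMPTS = 2         # solvable in one or two attempts

# Constructed sample: (session_id, device, attempt_no, seconds_spent, solved)
ATTEMPTS = [
    ("s1", "desktop", 1, 6.2, True),
    ("s2", "desktop", 1, 9.0, False), ("s2", "desktop", 2, 7.5, True),
    ("s3", "mobile", 1, 12.4, False), ("s3", "mobile", 2, 11.0, False),
    ("s3", "mobile", 3, 9.8, True),
    ("s4", "mobile", 1, 8.1, True),
    ("s5", "mobile", 1, 14.0, False),   # never solved: user gave up
    ("s6", "desktop", 1, 11.5, True),
]

def summarize(attempts):
    """Group attempts by session and score each session against the thresholds."""
    sessions = defaultdict(list)
    for sid, device, n, secs, solved in attempts:
        sessions[(sid, device)].append((n, secs, solved))
    report = defaultdict(lambda: {"sessions": 0, "first_try": 0,
                                  "within_limits": 0, "abandoned": 0, "times": []})
    for (_, device), rows in sessions.items():
        rows.sort()                       # order attempts by attempt number
        r = report[device]
        r["sessions"] += 1
        solved_at = next((n for n, _, ok in rows if ok), None)
        if solved_at is None:             # counts against every rate below
            r["abandoned"] += 1
            continue
        total = sum(secs for n, secs, _ in rows if n <= solved_at)
        r["times"].append(total)
        r["first_try"] += solved_at == 1  # True adds 1, False adds 0
        limit = FIRST_TRY_MAX_S if solved_at == 1 else MULTI_TRY_MAX_S
        if solved_at <= MAX_ATTEMPTS and total <= limit:
            r["within_limits"] += 1
    return {d: {"first_try_rate": r["first_try"] / r["sessions"],
                "within_limits_rate": r["within_limits"] / r["sessions"],
                "abandoned": r["abandoned"],
                "median_solve_s": median(r["times"]) if r["times"] else None}
            for d, r in report.items()}

if __name__ == "__main__":
    for device, stats in summarize(ATTEMPTS).items():
        print(device, stats)
```

A first-try rate near or below the 48% figure cited on slide 14, or a low within-limits rate on one device type only, points at the complexity or presentation attributes of the model as the place to adjust the challenge.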