Captcha as graphical passwords: a new security primitive based on hard AI problems

Research output: Contribution to Journal/Magazine, Journal article, peer-review

  • Bin B. Zhu
  • Jeff Yan
  • Guanbo Bao
  • Maowei Yang
  • Ning Xu
Article number: 6775249
Journal publication date: 2014
Journal: IEEE Transactions on Information Forensics and Security
Issue number: 6
Number of pages: 14
Pages (from-to): 891-904
Publication status: Published
Original language: English


Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been under-explored. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as graphical passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. CaRP also offers a novel approach to address the well-known image hotspot problem in popular graphical password systems, such as PassPoints, that often leads to weak password choices. CaRP is not a panacea, but it offers reasonable security and usability and appears to fit well with some practical applications for improving online security.