CAPTCHA-based security systems have been having a rough time of late. CAPTCHA's were initially deployed as a security technique meant to prevent computer-controlled bots from creating e-mail or forum accounts. Bot authors and security researchers have played a game of oneupmanship for years, with each side trying to outfox the other, but the recent, well-publicized failures of the Windows Live Mail/Hotmail and GMail CAPTCHA systems have had some wondering if CAPTCHAs are finally outdated. One group of researchers doesn't think so, however, and has developed a new CAPTCHA-style system, dubbed IMAGINATION, that it believes will inject new life into current CAPTCHA design.

IMAGINATION uses a two-part authentication scheme to assess a user's humanity. The first authentication step requires the user to find and click on the geometric center of an image. The image, however, is actually a composite of multiple photos that have been selected from a database. If you're curious about what a composite photo might look like, you can check Alipr's example, available here.

Any of the pictures are fair game, and both photos and placement are randomized. Once the end-user correctly identifies the geometric center of the image in question, he's presented with a second photo, and asked to pick an appropriate caption for it from a list of choices. Again, both photo and captions would be randomized, though at least one caption option would always be the correct answer. This type of authentication-by-word-choice would require a certain degree of oversight on the part of the security administrator. An ambiguous picture of a canine, for example, should not offer a choice between "wolf" and "dog" in its list of appropriate captions.



Step one of the IMAGINATION CAPTCHA: click in the center of one of the composited images



Thus far, Alipr's design appears both solid and user friendly. The latter is particularly important, given that many modern-day CAPTCHA's have become so complex and visually warped in their attempts to foil computer-based registrants that they often end up frustrating the human populations that (supposedly) can read them easily.

Further reading