back to article Rorschach test suggested as CAPTCHA replacement

A group of boffins from Carnegie Mellon University is proposing that inkblot-style patterns form the basis of a system to replace CAPTHCAs, and is offering an open challenge to see how well it works. While the CAPTCHA has been successful in preventing some forms of attack, such as comment-spam on Web forums, CAPTCHA-protected …

COMMENTS

This topic is closed for new posts.

Side benefits...

Those that have had too much to drink, are safe from morning embarrassments.

2
0
Bronze badge
Unhappy

Oh dear, I think I must be a robot ... I couldn't make any sense of any of the patterns shown.

How sad.

5
0
Silver badge

@Gray Ham

Hint: it's all about sex!

3
0
Anonymous Coward

Re: @Gray Ham

I can see Miley Cyrus's tits but the rest of it is meaningless to me.

0
0

Re: @Gray Ham

"I can see Miley Cyrus's tits"

No doubt, but that's no good as an authentication scheme.

Everybody can see Miley Cyrus's tits.

0
0

Can we combine it with yesterday's ketchup CAPTHCA?

Use blotches of tomato and brown sauce instead.

1
0
Silver badge

I see... a clown?

Either I'm a natural comedian, or have suppressed memories of being raped by a guy with a squeaky nose as a kid. Not sure which.

6
0
Silver badge
Coat

I have to ask

Is your clown upside-down and ahem, 'kissing' a lamb? Just asking because I see two bees trying to land on the same flower. Yeah, that's it, bees and a flower.

The one with mind bleach in the pocket.

1
0
Silver badge
Thumb Up

bees and flowers

I like what you did there, but more correctly it should be "birds and bees". We all know what male viewers see when looking at a Rohrschach blob, but there is no way to say that, politely, in a public forum.

0
0
Silver badge
Paris Hilton

Re: bees and flowers

"I like what you did there, but more correctly it should be "birds and bees"."

I remember when my parents sat me down and gave me the talk about the birds and the bees. I didn't believe them because, well, wouldn't the bees sting the birds?

Paris. She knows about the birds and the bees.

0
0
Silver badge

If they make them all so brightly colored, I expect "a clown" will be a very common answer.

0
0

This post has been deleted by its author

Anonymous Coward

Anon's Journal, October 17th, 2013.

Dead thread on the forum this morning, lock icon over its topic. This website is afraid of me. I have seen its true face. The pages are extended comment sections, and the comment sections are full of flames, and when the moderators finally get sick of it, all the trolls will get banned. The accumulated filth of their rage and hatred will flood from their monitors and all the kiddies and neckbeards will look up and shout "Let us in!"... and I'll whisper "access denied".

4
0
Silver badge

Interesting...but...

I don't think this will work. The thing behind CAPTCHAs is defeating bulk access by restricting access to people capable of working their way through something less-than-programmatic, like a distorted picture. The big thing the GOTCHA doesn't do, it seems, is CHECK the initial response against anything reasonable.

So if a machine encounters a GOTCHA for the first time, what's to stop it from putting down a bunch of gibberish like "correct horse battery staple" and simply remembering what it used for the next time it sees the blot (quite easy with the right technique)? Even if the system checks for grammar, you could easily construct a "mad lib" type of system ("I see <NOUN> with <NOUN> and <NOUN>).

6
0

This post has been deleted by its author

Silver badge
WTF?

Re: Interesting...but...

Indeed. Worse yet, I see mentions of "username" and "password" as the first thing there - what the...? The whole point of a Captcha is to "authenticate" an *unidentified* user as "at least not a computer" - registered / logged in users are never supposed to see Captchas...

2
0

Re: Interesting...but...

I think you've misunderstood what it's for. It seems to be a replacement for "think of a question you'd like to be asked when you want your password reset" - Mother's maiden name or similar. You supply your set of tags for the image when you generate your password, and they show you the same image again when you want to retrieve/reset your password. You have to come up with (some of?) the same tags.

So although it's something used at account generation, it's not used by the server to verify that whoever is registering is a person - I guess you'd still need a CAPTCHA for that.

1
0
Bronze badge

Re: Interesting...but...

I think you've misunderstood what it's for. It seems to be a replacement for "think of a question you'd like to be asked when you want your password reset"

The problem is that the article specifically says that the GOTCHAs are supposed to replace CAPTCHAs. But the technology, as described, seems incapable of doing so.

1
0
Meh

"registered / logged in users are never supposed to see Captchas"? [was: Interesting...but...]

That'd be lovely, plz to tell this to the cretins at yahoomail who seem to think that 25 addresses is "too many". Which wouldn't really be a problem if the darned thing actually worked, you know, let me send after typing the characters multiple times.

0
0
Silver badge

It's 'naturally' biased

Given that they all have mirror symmetry about the vertical centre, as do humans and our faces, and since human eyes/brains are very good at finding and recognising faces; it's to be expected that people will 'see' clowns and other anthropomorphic things. Maybe a few butterfiles as well.

0
0
Silver badge

Re: It's 'naturally' biased

I tried to imagine what a butter-file might look like. Now I feel dirty...

2
0
Silver badge

Re: It's 'naturally' biased

Imagine dancing the tango, late at night, in Paris. I'll stand back while you take it from there.

0
0

Better than CAPTCHA?

Rather than 'here's a distorted bunch of text, try to guess what it says' - you have 'here's a distorted picture, try to remember what you thought this was the last time you looked at it 3 months ago'.

Cue everyone needing a password reset anyway?

4
0
Silver badge
WTF?

I see

spots.

4
0
Joke

Re: I see

"I see spots."

"Have you seen a doctor?"

"No, just the spots."

Thank you. I'm here all week, etc etc.

4
0
Anonymous Coward

All that RED???

What about those who are colourblind? Being unable to see red and its shades is enough to stop someone from becoming an electrician so how do these so called boffins(sorry idiots) expect those people to be able to use this POS???

Yes, I'm one of those afflicted.

2
0
Silver badge

Re: All that RED???

In this case, color is only used for uniqueness, not as a distinguishing trait. IOW, a colorblind person may something different, but it's still useable to them because the color doesn't HAVE to factor in.

0
0
Silver badge

Doesn't sound very secure

Ask humans to recognise shapes and I expect the top answers would still be butterfly, bird, vase, balloon etc.

I think a far better challenge would be something like e.g. - "do these in reverse order - click on the wet dog, click on the happy cat", "click on the shape under the red square and then the shape to the right of that". Use context, spatial arrangements, emotions etc, to produce a sentence that a human could follow but a computer would have great trouble with.

0
0
Silver badge

Re: Doesn't sound very secure

I still don't see how a computer couldn't figure it out. It's just a matter of two levels of pattern recognition, and since the CAPTCHAs normally have to be made by computer in order to get out the desired level of randomness, patterns WILL emerge that a computer can exploit.

"Do these in reverse order" - Should be easy enough for a computer to recognize the word "reverse". Even if you tried a scrambled-number order combined with reverse and the occasional, "DO NOT DO THIS STEP" at the end or directional cues like "under" or "to the right", a system with enough training should be able to pick out all these gotchas. Language isn't a big stumbling block anymore as this is the first step towards decent machine translation (while while not perfect is still improving considerably over some years ago). Same for the pictures. It shouldn't be too difficult to tag a certain image (even if rotated or flipped) with "wet dog" and "happy cat".

0
0

This is the best they could come up with?

The flaws are so numerous!

Although I'd probably be happier if they had this on the Google account login page. Google's CAPTCHA is almost impossible to read. And it pops up after like the 3rd failed drunken login attempt. I even tried the audio version once and I wondered how the Google employees thought ANYONE could understand it.

CAPTCHA is OK I guess, just Google's implementation of it is ridiculous.

0
0
Silver badge

Re: This is the best they could come up with?

You get a captcha? I get a "input your cellphone number" no other options. And since it'll be a cold day in hell before Google gets my cellphone number, I go through a google account a week.

1
0
Bronze badge

Re: This is the best they could come up with?

All audio CAPTCHA I have encountered are terrible. I occasionally try the audio when a site uses a ridiculously scrambled CAPTCHA, and invariably the audio is unintelligible as well. So I end up or going elsewhere if there is an alternative, or refreshing the CAPTCHA until it finally throws up a readable one if it's a site I have to use.

2
0
Silver badge

Re: This is the best they could come up with?

Actually, I also get Google pestering me for my mobile phone number occasionally, although I've also noticed that way down at the bottom of the page, in tiny type so they'll hope you miss it, is a link reading "no, thanks".

But, yeah, seriously, cold day in Hell.

1
0
Silver badge

Explosion in a skittles factory

My pattern recognition circuits must be busted, I can't see anything in those Rohrschachs.

0
0

Did I get it right?

It's the grumpy faun from Pan's Labyrinth wearing clown make-up.

0
0
Bronze badge

That image

Is clearly Buddha sitting under aa branch of the Bodhi tree, with birds flocking 'round.

0
0
Bronze badge

I see a devil-clown with horns coming out of its eyes now, but I'm not sure I'd see a devil clown with horns coming out of its eyes next time.

This is not quite exactly the same problem as "what did I pretend my mum's maiden name was when I was asked 3 years ago?"

2
0
Silver badge

can I put "leaky marker" on all of them?

0
0

Why didn't you warn us:

The least you could have done is put a NSFW tag on the story, so we wouldn't bring up an image that disgusting on our work computers.

I don't think dong that is even legal. ;)

0
0

Weird

All I can see in that pattern is a clown being buggered by the horned beast thing on the cover of Donnie Darko.

0
0
Silver badge
Coat

That's a bird...

... that's a horse with a hat on.

- William Shatner in Airplane II

0
0

"Of course, if a user failed the challenge, the system would merely generate a new password, as would be the case today."

That seems to imply that if you get it right then you can get into your account without a password reset, which suggests they will tell you your old password, which means the passwords are being stored in plaintext or using reversible encryption, in which case there are probably one or two other things they should be fixing before messing around with ink blots.

0
0
Anonymous Coward

it is still a captcha

Keypic remove completely the concept of captcha

0
0
This topic is closed for new posts.

Forums