back to article Rorschach test suggested as CAPTCHA replacement

A group of boffins from Carnegie Mellon University is proposing that inkblot-style patterns form the basis of a system to replace CAPTHCAs, and is offering an open challenge to see how well it works. While the CAPTCHA has been successful in preventing some forms of attack, such as comment-spam on Web forums, CAPTCHA-protected …

COMMENTS

This topic is closed for new posts.
  1. Katie Saucey

    Side benefits...

    Those that have had too much to drink, are safe from morning embarrassments.

  2. Gray Ham Bronze badge
    Unhappy

    Oh dear, I think I must be a robot ... I couldn't make any sense of any of the patterns shown.

    How sad.

    1. Evil Auditor Silver badge

      @Gray Ham

      Hint: it's all about sex!

      1. Anonymous Coward
        Anonymous Coward

        Re: @Gray Ham

        I can see Miley Cyrus's tits but the rest of it is meaningless to me.

        1. Mike Flex

          Re: @Gray Ham

          "I can see Miley Cyrus's tits"

          No doubt, but that's no good as an authentication scheme.

          Everybody can see Miley Cyrus's tits.

  3. Ken Y-N

    Can we combine it with yesterday's ketchup CAPTHCA?

    Use blotches of tomato and brown sauce instead.

  4. M Gale

    I see... a clown?

    Either I'm a natural comedian, or have suppressed memories of being raped by a guy with a squeaky nose as a kid. Not sure which.

    1. Eddy Ito
      Coat

      I have to ask

      Is your clown upside-down and ahem, 'kissing' a lamb? Just asking because I see two bees trying to land on the same flower. Yeah, that's it, bees and a flower.

      The one with mind bleach in the pocket.

      1. Schultz
        Thumb Up

        bees and flowers

        I like what you did there, but more correctly it should be "birds and bees". We all know what male viewers see when looking at a Rohrschach blob, but there is no way to say that, politely, in a public forum.

        1. VinceH
          Paris Hilton

          Re: bees and flowers

          "I like what you did there, but more correctly it should be "birds and bees"."

          I remember when my parents sat me down and gave me the talk about the birds and the bees. I didn't believe them because, well, wouldn't the bees sting the birds?

          Paris. She knows about the birds and the bees.

    2. Old Handle

      If they make them all so brightly colored, I expect "a clown" will be a very common answer.

  5. This post has been deleted by its author

  6. Anonymous Coward
    Anonymous Coward

    Anon's Journal, October 17th, 2013.

    Dead thread on the forum this morning, lock icon over its topic. This website is afraid of me. I have seen its true face. The pages are extended comment sections, and the comment sections are full of flames, and when the moderators finally get sick of it, all the trolls will get banned. The accumulated filth of their rage and hatred will flood from their monitors and all the kiddies and neckbeards will look up and shout "Let us in!"... and I'll whisper "access denied".

  7. Charles 9

    Interesting...but...

    I don't think this will work. The thing behind CAPTCHAs is defeating bulk access by restricting access to people capable of working their way through something less-than-programmatic, like a distorted picture. The big thing the GOTCHA doesn't do, it seems, is CHECK the initial response against anything reasonable.

    So if a machine encounters a GOTCHA for the first time, what's to stop it from putting down a bunch of gibberish like "correct horse battery staple" and simply remembering what it used for the next time it sees the blot (quite easy with the right technique)? Even if the system checks for grammar, you could easily construct a "mad lib" type of system ("I see <NOUN> with <NOUN> and <NOUN>).

    1. This post has been deleted by its author

    2. DropBear
      WTF?

      Re: Interesting...but...

      Indeed. Worse yet, I see mentions of "username" and "password" as the first thing there - what the...? The whole point of a Captcha is to "authenticate" an *unidentified* user as "at least not a computer" - registered / logged in users are never supposed to see Captchas...

      1. skeptical i
        Meh

        "registered / logged in users are never supposed to see Captchas"? [was: Interesting...but...]

        That'd be lovely, plz to tell this to the cretins at yahoomail who seem to think that 25 addresses is "too many". Which wouldn't really be a problem if the darned thing actually worked, you know, let me send after typing the characters multiple times.

    3. Richard 22

      Re: Interesting...but...

      I think you've misunderstood what it's for. It seems to be a replacement for "think of a question you'd like to be asked when you want your password reset" - Mother's maiden name or similar. You supply your set of tags for the image when you generate your password, and they show you the same image again when you want to retrieve/reset your password. You have to come up with (some of?) the same tags.

      So although it's something used at account generation, it's not used by the server to verify that whoever is registering is a person - I guess you'd still need a CAPTCHA for that.

      1. User McUser

        Re: Interesting...but...

        I think you've misunderstood what it's for. It seems to be a replacement for "think of a question you'd like to be asked when you want your password reset"

        The problem is that the article specifically says that the GOTCHAs are supposed to replace CAPTCHAs. But the technology, as described, seems incapable of doing so.

  8. frank ly

    It's 'naturally' biased

    Given that they all have mirror symmetry about the vertical centre, as do humans and our faces, and since human eyes/brains are very good at finding and recognising faces; it's to be expected that people will 'see' clowns and other anthropomorphic things. Maybe a few butterfiles as well.

    1. DropBear

      Re: It's 'naturally' biased

      I tried to imagine what a butter-file might look like. Now I feel dirty...

      1. frank ly

        Re: It's 'naturally' biased

        Imagine dancing the tango, late at night, in Paris. I'll stand back while you take it from there.

  9. kdh0009

    Better than CAPTCHA?

    Rather than 'here's a distorted bunch of text, try to guess what it says' - you have 'here's a distorted picture, try to remember what you thought this was the last time you looked at it 3 months ago'.

    Cue everyone needing a password reset anyway?

  10. Neil Barnes Silver badge
    WTF?

    I see

    spots.

    1. Anonymous Coward
      Joke

      Re: I see

      "I see spots."

      "Have you seen a doctor?"

      "No, just the spots."

      Thank you. I'm here all week, etc etc.

  11. Anonymous Coward
    Anonymous Coward

    All that RED???

    What about those who are colourblind? Being unable to see red and its shades is enough to stop someone from becoming an electrician so how do these so called boffins(sorry idiots) expect those people to be able to use this POS???

    Yes, I'm one of those afflicted.

    1. Charles 9

      Re: All that RED???

      In this case, color is only used for uniqueness, not as a distinguishing trait. IOW, a colorblind person may something different, but it's still useable to them because the color doesn't HAVE to factor in.

  12. DrXym

    Doesn't sound very secure

    Ask humans to recognise shapes and I expect the top answers would still be butterfly, bird, vase, balloon etc.

    I think a far better challenge would be something like e.g. - "do these in reverse order - click on the wet dog, click on the happy cat", "click on the shape under the red square and then the shape to the right of that". Use context, spatial arrangements, emotions etc, to produce a sentence that a human could follow but a computer would have great trouble with.

    1. Charles 9

      Re: Doesn't sound very secure

      I still don't see how a computer couldn't figure it out. It's just a matter of two levels of pattern recognition, and since the CAPTCHAs normally have to be made by computer in order to get out the desired level of randomness, patterns WILL emerge that a computer can exploit.

      "Do these in reverse order" - Should be easy enough for a computer to recognize the word "reverse". Even if you tried a scrambled-number order combined with reverse and the occasional, "DO NOT DO THIS STEP" at the end or directional cues like "under" or "to the right", a system with enough training should be able to pick out all these gotchas. Language isn't a big stumbling block anymore as this is the first step towards decent machine translation (while while not perfect is still improving considerably over some years ago). Same for the pictures. It shouldn't be too difficult to tag a certain image (even if rotated or flipped) with "wet dog" and "happy cat".

  13. Greg D

    This is the best they could come up with?

    The flaws are so numerous!

    Although I'd probably be happier if they had this on the Google account login page. Google's CAPTCHA is almost impossible to read. And it pops up after like the 3rd failed drunken login attempt. I even tried the audio version once and I wondered how the Google employees thought ANYONE could understand it.

    CAPTCHA is OK I guess, just Google's implementation of it is ridiculous.

    1. Vociferous

      Re: This is the best they could come up with?

      You get a captcha? I get a "input your cellphone number" no other options. And since it'll be a cold day in hell before Google gets my cellphone number, I go through a google account a week.

      1. Mike Flugennock

        Re: This is the best they could come up with?

        Actually, I also get Google pestering me for my mobile phone number occasionally, although I've also noticed that way down at the bottom of the page, in tiny type so they'll hope you miss it, is a link reading "no, thanks".

        But, yeah, seriously, cold day in Hell.

    2. Not That Andrew

      Re: This is the best they could come up with?

      All audio CAPTCHA I have encountered are terrible. I occasionally try the audio when a site uses a ridiculously scrambled CAPTCHA, and invariably the audio is unintelligible as well. So I end up or going elsewhere if there is an alternative, or refreshing the CAPTCHA until it finally throws up a readable one if it's a site I have to use.

  14. Vociferous

    Explosion in a skittles factory

    My pattern recognition circuits must be busted, I can't see anything in those Rohrschachs.

  15. QuinnDexter

    Did I get it right?

    It's the grumpy faun from Pan's Labyrinth wearing clown make-up.

  16. Swarthy

    That image

    Is clearly Buddha sitting under aa branch of the Bodhi tree, with birds flocking 'round.

  17. teebie

    I see a devil-clown with horns coming out of its eyes now, but I'm not sure I'd see a devil clown with horns coming out of its eyes next time.

    This is not quite exactly the same problem as "what did I pretend my mum's maiden name was when I was asked 3 years ago?"

  18. Oninoshiko

    can I put "leaky marker" on all of them?

  19. Robert Moore

    Why didn't you warn us:

    The least you could have done is put a NSFW tag on the story, so we wouldn't bring up an image that disgusting on our work computers.

    I don't think dong that is even legal. ;)

  20. Gert Leboski

    Weird

    All I can see in that pattern is a clown being buggered by the horned beast thing on the cover of Donnie Darko.

  21. Graham Marsden
    Coat

    That's a bird...

    ... that's a horse with a hat on.

    - William Shatner in Airplane II

  22. Michael Heydon

    "Of course, if a user failed the challenge, the system would merely generate a new password, as would be the case today."

    That seems to imply that if you get it right then you can get into your account without a password reset, which suggests they will tell you your old password, which means the passwords are being stored in plaintext or using reversible encryption, in which case there are probably one or two other things they should be fixing before messing around with ink blots.

  23. Anonymous Coward
    Anonymous Coward

    it is still a captcha

    Keypic remove completely the concept of captcha

This topic is closed for new posts.

Other stories you might like