Kat Krol, Simon Parkin and M. Angela Sasse


CAPTCHAs are difficult for humans to use, causing frustration. Alternatives have been proposed, but user studies equate usability to solvability. We consider the user perspective to include workload and context of use. We assess traditional text-based CAPTCHAs alongside PlayThru, a ‘gamified’ verification mechanism, and NoBot, which uses face biometrics. A total of 87 participants were tasked with ticket-buying across three conditions: (1) all three mechanisms in comparison, and NoBot three times (2) on a laptop, and (3) on a tablet. A range of quantitative and qualitative measurements explored the user perspective. Quantitative results showed that participants completed reCAPTCHAs quickest, followed by PlayThru and NoBot. Participants were critical of NoBot in comparison but praised it in isolation. Despite reporting negative experiences with reCAPTCHAs, they were the preferred mechanism, due to familiarity and a sense of security and control. Although slower, participants praised NoBot’s completion speeds, but regarded using personal images as invading privacy.

Date: 21 February 2016 Published: Workshop on Useable Security

USEC 2016, San Diego, CA                                                                  Publisher: Internet Society                                                                                                                                                       Publisher URL: https://www.internetsociety.org/sites/default/files/blogs-media/better-the-devil-you-know-user-study-of-two-captchas-a-possible-replacement-technology.pdf                                                                                       DOI: http://dx.doi.org/10.14722/usec.2016.23013