Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

A new Human-Interactive-Proof from Microsoft Research

I came across an interesting page from Microsoft Research.  In it, they talk about a new technique for a human interactive proof.

To save you the trouble of looking this up if you don't know, a human interactive proof is a task that humans need to perform to prove that they are not an automated system.  An example would be those text boxes that have words that are all distorted and you have to type them into a box, and then click Submit (like when you want to add a new friend on Facebook).

This new technique from Microsoft Research borrows from the same idea but adds a new twist: rather than typing text into a box, the user is given a list of 12 pictures of cats and dogs.  The user has to select all of the cats in order to authenticate themselves.  This is based on the principle that humans are good at recognizing visual patterns but computers are not (for now).  And, given a large enough database (Microsoft has partnered with PetFinder.com, which has over 2 million pictures), a brute-force approach doesn't work that well.
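A sketch of how a server could issue and check such a challenge, added here as an illustration and not taken from Microsoft Research's implementation. The class name, the single-use token and the small constructed database are all assumptions made for the example.

```python
import hmac
import secrets

IMAGES_PER_CHALLENGE = 12  # the post says users are shown 12 pictures

# Constructed stand-in for the labelled photo database: id -> species.
CONSTRUCTED_DB = {f"img{i:04d}": ("cat" if i % 2 else "dog") for i in range(2000)}


class CatDogChallenge:
    """Hypothetical service: issues single-use challenges and checks answers."""

    def __init__(self, database, rng=None):
        self._db = database
        self._rng = rng or secrets.SystemRandom()
        self._pending = {}  # token -> sorted tuple of the ids that are cats

    def issue(self):
        ids = self._rng.sample(sorted(self._db), IMAGES_PER_CHALLENGE)
        token = secrets.token_urlsafe(16)
        self._pending[token] = tuple(sorted(i for i in ids if self._db[i] == "cat"))
        return token, ids  # the labels never leave the server

    def verify(self, token, selected_ids):
        # pop() makes the token single-use, so a failed guess cannot be retried
        expected = self._pending.pop(token, None)
        if expected is None:
            return False
        submitted = ",".join(sorted(set(selected_ids)))
        # The selection must match the cat set exactly: no misses, no extras.
        return hmac.compare_digest(submitted.encode(), ",".join(expected).encode())


def pass_probability(per_image_accuracy, images=IMAGES_PER_CHALLENGE):
    """Chance of labelling every image correctly, treating images as independent."""
    return per_image_accuracy ** images
```

Because all 12 answers must be right at once, per-image accuracy compounds: a coin-flip guesser passes 1 time in 4096, and the same formula lets a defender estimate how much margin remains as image classifiers improve.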

I think that this is a rather clever technique.  I find the text-box approach difficult to read sometimes, but on the other hand, I guess not all the cats look like cats and some people would be prone to missing the occasional furry feline.

  • How do they propose to beat the attack of using cheap human labour paid by offering suitable pictures of naked humans? That has almost always been the biggest weakness of captcha based filtering.

  • What about people with visual disabilities? How will they match cats?

  • Nektar,

    This method wouldn't work very well for people with visual disabilities.  I suppose it's the same problem some blogs (like Blogspot) have when you have to enter a security phrase in order to post comments.

  • > How do they propose to beat the attack of using cheap human labour

    I don't think this has been figured out yet.  Cheap human labour is something that spammers (or anyone, really) could exploit to get around a security system designed to prevent automated lookups.
