A Usable and Secure Bengali CAPTCHA

Abstract

Text-based CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) have traditionally been a simple, affordable, lightweight, yet very effective security mechanism to distinguish human users from automated bots on the web, serving as a preventive measure against many cyberattacks. However, the dependence on the English script creates usability issues for non-native speakers, limiting accessibility for regional communities where English is not widely understood. In this work, we have proposed and implemented a text CAPTCHA mechanism with 6 variants on the Bengali language, designed specifically for native Bengali-speaking users, which is the first of its kind to the best of our knowledge. Our proposed Bengali CAPTCHA exhibits robust security against automated OCR-based attacks, limited to only 0-20% average character recognition rate across 6,000 challenges (1,000 per variant approx.). Furthermore, our design demonstrates high human usability, evaluated with 110 participants, achieving success rates of 56.25% to 90.29% and average response times of 6.69 to 9.9 seconds across all six variants, thereby standing out among text-based CAPTCHA benchmarks.