Human Interactive Proof (HIP) is a challenge-response test used to recognize automated software tools (called Bots) while protecting online services and resources. The Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA) is the common HIP access control mechanism for discriminating between human actions and Bot actions when online services and resources are accessed. This paper presents a review of two generations of CAPTCHA mechanisms (the classical and the recent generations). It also covers some attacks and breaker techniques used to break CAPTCHA mechanisms. In addition, some security guidelines and principles are introduced for designing strong and secure CAPTCHAs against automated Bots.