Abstract—Authentication plays a significant role in computer security to validate human users. CAPTCHA is one of human interaction proof test to verify whether user is a human or a computer program. It has become a very popular security mechanism used to prevent any automated abuse of online services which is intended for human user. The test usually is provided in the authentication phase where the user will be directed to the next page if they are authorized. From the login site, an attacker creates a program exploiting the username and password to get into a website. Recently, there are a lot of different types of CAPTCHA available on the internet. However, most of them have been successfully attacked by automated programs. Thus, this paper investigates existing related works on CAPTCHA which focus on login authentication and authorization by proposes a different approach using Jawi script. Based on investigations of the systematic review and preliminary findings, it shows that this is the first work that proposed using a different script and possible future directions for producing more reliable human/computer distinguishers. Future works will develop an alternative and stronger CAPTCHA to prevent breaking cyber-attack such as dictionary attack while maintaining ease of implementation on website and ease of use for human by reducing the difficulties on reading the CAPTCHA. Index Terms— Jawi CAPTCHA, Authentication, Authorization, cyber-attack I. INTRODUCTION APTCHA is a short form of Completely Automated Public Turning Test to tell Computers and Humans Apart. Login services are major phase that exist in most application of website on the internet. As the usage of web services is increasing, the higher the chances of malicious Manuscript received July 23, 2017; revised Aug 10, 2017. This work was supported in part by the Ministry of Higher Education (MOHE) Malaysia under incentive journal and research grant [FRGS/1/2017/ICT04/USIM/02/1]. The authors would like to express their gratitude to Universiti Sains Islam Malaysia (USIM) and MOHE for the support and facilities provided. Sakinah Ali Pitchay is with the Universiti Sains Islam Malaysia (USIM), Malaysia. Currently she is a senior lecturer in Faculty of Science and Technology (FST) and also Associate Fellow with Institute Science Islam. (corresponding author: sakinah.ali@usim.edu.my) Member, IAENG. Nur Nabihah Mohd Suhaimi is a Bachelor of Computer Science in Information Security and Assurance student in FST, USIM. Madihah Mohd Saudi is the Associate Professor, Farida Ridzuan, Nurlida Basir and N.F.Nabila are senior lecturer in FST, USIM. programs attack on it. CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) test can solve the probability of being attacked as it prevents various websites from bots program that are created to attack any network resources. Bots are short form from ‘robot’ which is also a type of malware takes control over an affected computer. According to [11], a good quality CAPTCHA test should have the following characteristics: (i) Content of CAPTCHA can be easily understood by human, (ii) Quick and consume less time, (iii) Suitable for all types of bots abuse. CAPTCHA must be highly secure and easy to use [11]. The previous works on CAPTCHA discuss that many versions of CAPTCHA have been proposed, developed and should not be only difficult to solve by computer programs, but should also friendly [19]. Many companies provide free services, however in the meantime, they suffered from attacks such as dictionary attack, password attack and brute force attack. Therefore, to solve this problem, CAPTCHA can be applied as it will ensure only human obtains an account and CAPTCHA is used to protect all the services on the websites [15]. The following section will identify the problems related to CAPTCHA and are summarised as follows: A. Difficulties on reading the text-based CAPTCHA The previous text-based CAPTCHA tried to make the test easier for human user and difficult enough for computer programs and bot [19]. However, the efforts including created a strong and complex CAPTCHA of many schemes that have background, lead to confusions, blurring, and tilting of text which may make it hard enough for human user to pass the test. Addition of background confusion and twisting of test may cause recognition and usability problem for human user to read the CAPTCHA. B. Requires a large database for video and audio captcha All CAPTCHA apart from text-based CAPTCHA provides a greater security. However, it is lack in terms of space availability which consumes large size of space to upload those types of CAPTCHA on the website [13]. The usage of video and audio based CAPTCHA tests need larger database and may face usability problem as user need to download or view and listen to it first before the user can solve the test. Thus, the scheme should be simple and at the same Sakinah Ali Pitchay, Nur Nabihah Mohd Suhaimi, Madihah Mohd Saudi, Farida Ridzuan, Nurlida Basir and N.F.Nabila An Investigation on Jawi CAPTCHA Based Security for Login Authentication and Authorization: Is It an Alternative Solution? C Proceedings of the World Congress on Engineering and Computer Science 2017 Vol I WCECS 2017, October 25-27, 2017, San Francisco, USA ISBN: 978-988-14047-5-6 ISSN: 2078-0958 (Print); ISSN: 2078-0966 (Online) WCECS 2017