In their paper\u00a0Text-based CAPTCHA Strengths and Weaknesses, Elie Bursztein, Matthieu Martin and John C. Mitchel give a list of the design principles which ReCAPTCHA uses and which should be used to customize CAPTCHA.\u00a0\n\t1.\u00a0\u00a0\u00a0 Randomize: A) CAPTCHA length: Don\u2019t use a ?xed length, it gives too much information to the attacker. B)\u00a0Character size: Make sure the attacker can\u2019t make educated guesses by using several font sizes and several fonts.\n\t2.\u00a0\u00a0\u00a0 Wave the CAPTCHA: Making the CAPTCHA into a wave shape increases the dif?culty of ?nding cut points in case of collapsing and helps mitigate the risk of the attacker ?nding the added line based on its slope when using lines.\n\t3.\u00a0\u00a0\u00a0 Anti-recognition techniques will strengthen CAPTCHA security, not guaranteeing it. rotation, scaling and rotating some characters and using various font sizes will reduce the recognition ef?ciency and increase the anti-segmentation security by making character width less predictable.\n\t4.\u00a0\u00a0\u00a0 Don\u2019t use a complex character set: Using a large character set does not signi?cantly improve the CAPTCHA scheme\u2019s security and really hurts human accuracy, thus using a non-confusable character set is the best option.\n\t5.\u00a0\u00a0\u00a0 Use collapsing and\/or lines: Given the current state of the art, using any sort of complex background as an anti-segmentation technique is considered to be insecure. Using lines or collapsing correctly are the only two secure options currently. Complex backgrounds (Like the ellipses used in some ReCAPTCHA\u2019s) can be used as a second line of defense.\n\t6.\u00a0\u00a0\u00a0 Be careful while implementing: To be effective, anti-segmentation techniques must be implemented very carefully (the paper explains these in detail).\n\t7.\u00a0\u00a0\u00a0 Create alternative schemes: As with cryptography algorithms, it is good practice to have alternative CAPTCHA schemes that can be rolled out in case of a break. Variations of the same battle-hardened schemes with additional security features are likely the easiest way to prepare alternative schemes. This seems to be the strategy of ReCAPTCHA, which has alternative schemes that surface from time to time.