Abstract A Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA) is a simple test that is used on websites to differentiate between human users and automated attacks that indulge in spamming and other fraudulent activities. A text‐based CAPTCHA is the most popular security technique used by many websites on the Internet, such as Microsoft, Google and eBay, to secure their sites from automated attacks. By design, however, a CAPTCHA is unable to differentiate between a legitimate human user and a human‐based attacker. This may make websites vulnerable to human‐based attacks while using CAPTCHAs. Hence this article proposes a novel defence system using the keystroke dynamic approach. To evaluate our system, a lab...