Authentication is a commonly used technique in software applications to ensure whether the correct user is getting access to secured services or not. Due to the fast pace of data growth, there is an increasing need for security of online data. This is commonly achieved by the use of various CAPTCHAs. CAPTCHAs are an implementation of reverse Turing test. Turing test is used to distinguish between humans and computers. A fundamental property that the use of CAPTCHA necessitates is that the CAPTCHA must be easy and efficient for humans but difficult for computers. CAPTCHAs are used to protect the data from malicious bots and web crawlers. They are not only used in web sites but also used in banking transactions, cloud computing, distributed infrastructures and income tax services. In this paper, an analysis of the different categories of CAPTCHAs, the attacks against them and ideas and designs to develop more robust and user-friendly CAPTCHAs in the coming future are presented. © 2021, The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.