Captcha is now a standard Internet security technique to protect online email and other services from being abused by bots. This paper introduce a new security primitive based on hard AI problems, namely, a novel family of graphical password systems integrating Captcha technology, which we call CaRP (Captcha as gRaphical Passwords). CaRP is click-based graphical passwords, where a sequence of clicks on an image is used to derive a password. Unlike other click-based graphical passwords, images used in CaRP are Captcha challenges, and a new CaRP image is generated for every login attempt. CaRP requires solving a Captcha challenge in every login. This impact on usability can be mitigated by adapting the CaRP image’s difficulty level based on the login history of the account and the machine used to log in.