A fundamental task in security is to create cryptographic primitives based on hard mathematical problems that are computationally intractable Using hard AI problems for security is emerging as an exciting new paradigm, but has been underexplored. Here, we present a new security primitive based on hard AI problems, which we call Captcha in Click Point Authentication (C-CPA) from Captcha as Recognition based graphical passwords (CaRGP). CaRGP is both a Captcha and a Recognition based Graphical password scheme. C-CPA from CaRGP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. Notably, a CaRGP password can be found only probabilistically by automatic online guessing attacks even if the password is in the search set. It also address the well-known image hotspot problem, such as PassPoints, that often leads to weak password choices. C-CPA from CaRGP offers reasonable security, usability and appears to fit well with some practical applications for improving online security.