Yesterday, Google launched reCAPTCHA v3, a revamped version of their Captcha API that helps filter abusive traffic to a website without user interaction. reCAPTCHA v3 returns a score for each request. The score is based on interactions with a site, so website owners can take the most appropriate action.
“Over the last decade, reCAPTCHA has continuously evolved its technology,” Google product manager Wei Liu wrote in a blog post. ReCAPTCHA is usually used on sign in pages. You can rate limit login attempts, exponentially increasing rate limit or just lock out IPs that exceed allowed login attempts and analyze your logs to ban abusive IPs.
She adds,“ reCAPTCHA v3 helps to protect your sites without user friction and gives you more power to decide what to do in risky situations.” reCAPTCHA v3 also runs adaptive risk analysis in the background to alert you of suspicious traffic.
The scoring logic
Website owners can use the reCAPTCHA score in 3 different ways.
- They can set a threshold that determines when a user is let through or when further verification needs to be done.
- They can combine the score with their own signals that reCAPTCHA can’t access such as user profiles or transaction histories.
- They can use the reCAPTCHA score as one of the signals to train machine learning models to fight abuse.
reCAPTCHA v3, uses a new tag “Action” which can be used to define the key steps of a user journey and enable reCAPTCHA to run its risk analysis in context. On adding action to multiple pages, reCAPTCHA adaptive risk analysis engine can identify the pattern of attackers more accurately by looking at the activities across different pages on your website.
The reCAPTCHA admin console provides an overview of reCAPTCHA score distribution and a breakdown for the stats of the top 10 actions on your site.
It also provides multiple ways to customize actions that occur for different types of traffic, to protect against bots and improve user experience based on a website’s specific needs.
You can visit the reCAPTCHA developer site for more details.