Google launches third-generation reCAPTCHA

CAPTCHA is a standard graphical verification code solution on the Internet that can resist the forgery clicks of a considerable number of robots and determine whether the current user is a real person. However, spears and shields always come together, and there are still robots trying to break through the current verification mechanism. The good news is that Google has just launched a new v3 version of the reCAPTCHA API. While improving recognition accuracy, it further reduces the troubles caused by real users.

reCAPTCHA v3

Google said: Over the last decade, reCAPTCHA has continuously evolved its technology. In reCAPTCHA v1, every user was asked to pass a challenge by reading distorted text and typing into a box. To improve both user experience and security, we introduced reCAPTCHA v2 and began to use many other signals to determine whether a request came from a human or bot. This enabled reCAPTCHA challenges to move from a dominant to a secondary role in detecting abuse, letting about half of users pass with a single click.

With the help of reCAPTCHA v3, Google can let the API returning a score between 0.0 and 1.0 and rank the suspiciousness of the interaction with the goal of minimizing the ‘need to interrupt users with challenges at all.’

“In this way, the reCAPTCHA adaptive risk analysis engine can identify the pattern of attackers more accurately by looking at the activities across different pages on your website. In the reCAPTCHA admin console, you can get a full overview of reCAPTCHA score distribution and a breakdown for the stats of the top 10 actions on your site, to help you identify which exact pages are being targeted by bots and how suspicious the traffic was on those pages.”

Also, the new API is more customizable. Websites can choose to combat spam and resource abuse based on their actual needs.

  • First, you can set a threshold that determines when a user is let through or when further verification needs to be done, for example, using two-factor authentication and phone verification.
  • Second, you can combine the score with your own signals that reCAPTCHA can’t access—such as user profiles or transaction histories.
  • Third, you can use the reCAPTCHA score as one of the signals to train your machine learning model to fight abuse.

Via: 9to5google