Google is making CAPTCHA less annoying

News
By Anthony Spadafora
published

reCAPTCHA v3 brings a frictionless user experience to verification

reCAPTCHA

Websites have been using CAPTCHAs as a means to differentiate between actual users and bots since the early days of the Internet, but Google has now introduced reCAPTCHA v3 with the aim of reducing the number of challenges to users.

The company has continually updated its reCAPTCHA API as more sophisticated bots have come closer to passing as actual humans. The first tests had users type in distorted text to prove they were human while the modern equivalent has users identify objects in images.

Google has also been working to make its reCAPTCHA challenges less noticeable by using a number of signals to help determine whether a users is authentic or fake.

reCAPTCHA v3

With today's release of reCAPTCHA v3, Google is improving the experience further by having the API return a score between 0.0 and 1.0. This score is then used to rank “how suspicious an interaction is” with the end goal to minimize the “need to interrupt users with challenges at all”.

The new system puts reCAPTCHA on more pages besides the login box and runs “adaptive risk analysis in the background to alert you of suspicious traffic”. 

Google explained how the new system works in greater detail in a blog post, saying:

“In reCAPTCHA v3, we are introducing a new concept called “Action”—a tag that you can use to define the key steps of your user journey and enable reCAPTCHA to run its risk analysis in context. Since reCAPTCHA v3 doesn't interrupt users, we recommend adding reCAPTCHA v3 to multiple pages. In this way, the reCAPTCHA adaptive risk analysis engine can identify the pattern of attackers more accurately by looking at the activities across different pages on your website.”

Changes to the API

Google's reCAPTCHA API is now much more customizable to allow sites to determine how  they fight spam and abuse.

Site owners can now set a threshold to determine when a user is let through or when further verification such as two-factor authentication or phone verification is needed. They can also combine the reCAPTCHA score with their own signals such as user profiles or transaction histories to better understand if a user is indeed real.

The reCAPTCHA score can also be used to train machine learning models to help fight abuse.

Via 9to5 Google

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.