Google’s reCAPTCHA v3 Promises a “Frictionless User Experience”

Google introduced reCAPTCHA v3 this week, which promises a new “frictionless user experience.” Earlier versions of the API stopped bots but also drew the ire of internet users across the globe. Users were regularly inconvenienced with distorted text challenges, street sign puzzles, click requirements, and other actions to prove their humanity.

v3 offers a marked improvement by detecting bots in the background and returning a score that tells the admin if the interaction is suspicious. It scores traffic with its Adaptive Risk Analysis Engine instead of forcing human users to perform interactive challenges. The score can be used in three different ways:

  • Set a threshold that determines when a user is let through or when further verification needs to be done, such as two-factor authentication or phone verification.
  • Combine the score with your own signals that reCAPTCHA can’t access, such as user profiles or transaction histories.
  • Use the reCAPTCHA score as one of the signals to train your machine learning model to fight abuse.
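
The first two uses can be sketched server-side as follows. This is an added example, not code from Google or from the original article. It assumes the JSON reply of the reCAPTCHA verification endpoint (fields `success`, `score`, `action`, `hostname`); the per-action thresholds, the hostname, the `local_risk` weighting and the decision names are hypothetical.

```python
import json

# Constructed sample of a v3 verification reply (not captured traffic).
SAMPLE_REPLY = json.loads(
    '{"success": true, "score": 0.3, "action": "login",'
    ' "challenge_ts": "2018-11-01T12:00:00Z", "hostname": "example.com"}'
)

# Hypothetical per-action thresholds: stricter for more sensitive traffic.
THRESHOLDS = {"login": 0.5, "checkout": 0.7}

ALLOW = "allow"      # let the user through
STEP_UP = "step_up"  # ask for two-factor or phone verification
REJECT = "reject"    # reply is unusable, fail closed


def decide(reply, expected_action, expected_hostname, local_risk=0.0):
    """Turn a verification reply into a decision.

    local_risk is the site's own signal on an assumed 0..1 scale (for
    example from user profiles or transaction history). It is subtracted
    from the reCAPTCHA score before the threshold is applied.
    """
    if reply.get("success") is not True:
        return REJECT
    # A token issued for another action or another site must not count.
    if reply.get("action") != expected_action:
        return REJECT
    if reply.get("hostname") != expected_hostname:
        return REJECT
    threshold = THRESHOLDS.get(expected_action)
    if threshold is None:
        return REJECT
    score = reply.get("score")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return REJECT
    if not 0.0 <= score <= 1.0:
        return REJECT
    combined = max(0.0, score - local_risk)
    return ALLOW if combined >= threshold else STEP_UP


if __name__ == "__main__":
    print(decide(SAMPLE_REPLY, "login", "example.com"))
```

A low score leads to further verification rather than a hard block, so a human who was scored badly can still get through.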

v3 gives site owners more options to customize the thresholds and actions for different types of traffic. The video below explains how it works, and the developer docs have more information on frontend integration and score interpretation.

Site owners can view their traffic in the reCAPTCHA admin console. It also displays a list of all of your sites and what version of the API they are using.

The admin console also has a form for registering new sites.

The WordPress Plugin Directory has dozens of standalone plugins and contact forms that make use of reCAPTCHA in some way. Sites that are already set up to use v2 or the Invisible CAPTCHA will not automatically update to use v3. There’s a different signup and implementation process that the site owner has to perform before having it integrated on the site.

WordPress plugin developers who offer reCAPTCHA will have to decide if they want to update existing plugins to use v3 or package a v3 offering in a new plugin. The reCAPTCHA v1 API was shut down earlier this year in March. Google’s reCAPTCHA PHP client library on GitHub is still actively encouraging use of both v2 and v3. A date has not been announced for v2 to be deprecated.