How Does Google reCAPTCHA v2 Work?
There are three variations that are available in version 2.
- “I’m not a robot” Checkbox
- Invisible reCAPTCHA badge
- reCAPTCHA Android
“I’m not a robot” Checkbox
This version needs a user to click on a checkbox. When the box is checked, then it confirms that the user is human or challenges them with a reCAPTCHA to verify.
Invisible reCAPTCHA
| Important note: Abantecart does not support this version. |
This reCAPTCHA does not require interaction from the viewer. It is called when a user clicks on an existing button on the site. It can also be invoked by a Javascript call. A CAPTCHA is invoked only when very suspicious traffic is hitting the site. This trigger level can be made more strict by adjusting the site security settings.
reCAPTCHA Android
This version is used in Android.
How Does Google reCAPTCHA v3 Work?
Version 3 of reCaptcha works by reviewing the traffic on your site and then taking the appropriate action if needed. It generates a score that allows reCaptcha to determine if the interactions in your site traffic are abusive or not. Generally, reCaptcha verification will be running on forms and actions on your site in order to gather the appropriate data.
Examples of areas in your website where scores may be generated by reCaptcha include:
-
- Homepage
- Login
- Social
- eCommerce
reCaptcha v3 “learns” about the traffic on your site by observing, analyzing, and scoring it. Note that reCaptcha v3 does not stop traffic/interactions on your site. Instead, it takes actions based on the identified behavior. Examples of actions based on behavior include requiring email verification for suspect logins, automatically sending spammy posts to moderation, or identifying and filtering out fake friend requests.
When you launch your site, you will need to determine the scoring thresholds by which reCaptcha will act by reviewing your site traffic through the Google Administrator Console for reCaptcha.
reCaptcha v3 works best when it is able to see legitimate traffic/interactions versus actions that are suspect or harmful to your site. It does this by gathering data in different areas of your site and using your threshold score to judge the interactions.
What is the difference between reCAPTCHA v2 and v3?
ReCAPTCHA v2 requires the user to click the “I’m not a robot” checkbox and can serve the user an image recognition challenge. ReCAPTCHA v3 runs in the background and generates a score based on a user’s behavior. The higher the score, the more likely the user is human.
Deciding On The Versions Of reCaptcha
Pick the version of reCaptcha based on your experience and your website/application needs.
reCaptcha v3 is the latest iteration of the security application from Google. It allows traffic to hit your website, but like version 2 (Invisible reCaptcha) it works in the background. Its main difference is that it analyzes the traffic to your web pages and then takes action based on the score thresholds that you establish through the Google Admin Console for reCaptcha.
This version lets you determine the actions taken when you have suspicious activity on your site. So, if you have a large site with a lot of traffic and you want to make sure that your users remain secure while separating any bots, then you will want to use reCaptcha v3.