First of all, what is CAPTCHA? CAPTCHA is an acronym that stands for “Completely Automated Public Turing test to tell Computers and Humans Apart“. It is a ‘simple for humans but hard for bots’ challenge given to the online users to prove that they are humans. reCAPTCHA is a free service from Google to protect your site from spam and abuse. reCAPTCHA was developed at Carnegie Mellon University, then acquired by Google in 2009. There were 3 versions of Google reCAPTCHA – version1, version2 and version3. reCAPTCHA v1 was shut down by Google in 2018 and is no longer supported. Let’s try to understand the differences between reCAPTCHA v2 and v3.
reCAPTCHA v2
There are 2 types of reCAPTCHA v2:
- “I’m not a robot” Checkbox
The “I’m not a robot” Checkbox displays a checkbox on the page, as shown above, for users to prove they are not robots. Most of the time, users are allowed to proceed just by clicking the checkbox but sometimes users are asked to solve a challenge to be successfully validated. A typical form with “I’m not a robot” looks like this:
2. Invisible reCAPTCHA badge
The invisible reCAPTCHA badge, as the name says, does not require the user to click on a checkbox. It can be invoked using an existing button on your page or via a JavaScript API call. Everything works in the background by default but the user will be prompted to solve a challenge if some suspicious traffic is detected.
reCAPTCHA v3
Generally, no one likes to have some challenge to be solved while registering for some subscriptions, creating a user account, logging in, etc. CAPTCHA, though is a must have feature for most of the website owners, causes an interruption in the flow of a process. There comes the life saver, reCAPTCHA v3. It is the latest API version from Google which is truly invisible. Users are never prompted to solve any challenge. reCAPTCHA v3 does all the work without any user interaction but by returning a score, calculated based on the traffic behavior on your site/page, using which you can decide whether the action was suspicious and take the most appropriate action. It runs adaptive algorithms in the background to protect your site from suspicious traffic while letting your human users enjoy a friction-less experience. As no new HTML elements are used, you don’t need to worry about your UI and UX part too.
reCAPTCHA v3 also provides easy ways of monitoring the traffic on your site. In v3, Google introduced a new concept called “Action“. To be context based, you can associate any action like login or registration on your site/page with the reCAPTCHA execution. Since there is no user interruption, you can invoke the execution from as many places as you need. Every time invoked, you will be passing the unique action name to the Google server. In the Google reCAPTCHA admin console, you get an overview of the score distribution and also a breakdown of all your traffic based on the top 10 action names you passed.
Hope that gave you a theoretical picture of reCAPTCHA versions, most importantly, Google reCAPTCHA v3. If you want to implement v3 in your application, check my detailed post – how to integrate Google reCAPTCHA v3?.