Introducing reCAPTCHA v3: the new way to stop bots
Stay organized with collections
Save and categorize content based on your preferences.
Monday, October 29, 2018
Today, we're excited to introduce reCAPTCHA v3, our newest API that helps you detect abusive
traffic on your website without user interaction. Instead of showing a CAPTCHA challenge,
reCAPTCHA v3
returns a score so you can choose the most appropriate action for your website.
A Frictionless User Experience
Over the last decade, reCAPTCHA has continuously evolved its technology. In reCAPTCHA v1, every
user was asked to pass a challenge by reading distorted text and typing into a box. To improve
both user experience and security, we introduced reCAPTCHA v2 and began to use many other signals
to determine whether a request came from a human or bot. This enabled reCAPTCHA challenges to move
from a dominant to a secondary role in detecting abuse, letting about half of users pass with a
single click. Now with reCAPTCHA v3, we are fundamentally changing how sites can test for human
vs. bot activities by returning a score to tell you how suspicious an interaction is and
eliminating the need to interrupt users with challenges at all. reCAPTCHA v3 runs adaptive risk
analysis in the background to alert you of suspicious traffic while letting your human users enjoy
a frictionless experience on your site.
More Accurate Bot Detection with "Actions"
In reCAPTCHA v3, we are introducing a new concept called "Action"—a tag that you can use to define
the key steps of your user journey and enable reCAPTCHA to run its risk analysis in context. Since
reCAPTCHA v3 doesn't interrupt users, we recommend adding reCAPTCHA v3 to multiple pages. In this
way, the reCAPTCHA adaptive risk analysis engine can identify the pattern of attackers more
accurately by looking at the activities across different pages on your website. In the reCAPTCHA
admin console, you can get a full overview of reCAPTCHA score distribution and a breakdown for the
stats of the top 10 actions on your site, to help you identify which exact pages are being
targeted by bots and how suspicious the traffic was on those pages.
Fighting Bots Your Way
Another big benefit that you'll get from reCAPTCHA v3 is the flexibility to prevent spam and
abuse in the way that best fits your website. Previously, the reCAPTCHA system mostly decided
when and what CAPTCHAs to serve to users, leaving you with limited influence over your website's
user experience. Now, reCAPTCHA v3 will provide you with a score that tells you how suspicious
an interaction is. There are three potential ways you can use the score. First, you can set a
threshold that determines when a user is let through or when further verification needs to be
done, for example, using two-factor authentication and phone verification. Second, you can
combine the score with your own signals that reCAPTCHA can't access—such as user profiles or
transaction histories. Third, you can use the reCAPTCHA score as one of the signals to train
your machine learning model to fight abuse. By providing you with these new ways to customize
the actions that occur for different types of traffic, this new version lets you protect your
site against bots and improve your user experience based on your website's specific needs.
In short, reCAPTCHA v3 helps to protect your sites without user friction and gives you more power
to decide what to do in risky situations. As always, we are working every day to stay ahead of
attackers and keep the Internet easy and safe to use (except for bots).
Ready to get started with reCAPTCHA v3? Visit our
developer site
for more details.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],[],[[["\u003cp\u003ereCAPTCHA v3 eliminates user interaction (like CAPTCHA challenges) by returning a score to assess the risk of an interaction.\u003c/p\u003e\n"],["\u003cp\u003ereCAPTCHA v3 uses adaptive risk analysis to detect suspicious traffic in the background, allowing for a smoother user experience.\u003c/p\u003e\n"],["\u003cp\u003eWebsite owners can define "Actions" to help reCAPTCHA v3 understand user journeys and identify suspicious activity patterns across pages.\u003c/p\u003e\n"],["\u003cp\u003ereCAPTCHA v3 scores can be customized to trigger various actions, such as further verification steps or integration with machine learning models, giving website owners more control.\u003c/p\u003e\n"]]],["reCAPTCHA v3, a new API, detects abusive website traffic without user interaction by returning a score indicating suspiciousness. It introduces \"Actions,\" tags defining user journey steps, to enhance risk analysis across multiple pages. Unlike previous versions, v3 eliminates user challenges, offering a frictionless experience. The score provides flexibility, allowing website owners to set thresholds for verification, combine it with their own data, or use it in machine learning models to combat abuse. This new version offers greater control in protecting sites.\n"],null,["# Introducing reCAPTCHA v3: the new way to stop bots\n\nMonday, October 29, 2018\n\n\nToday, we're excited to introduce reCAPTCHA v3, our newest API that helps you detect abusive\ntraffic on your website without user interaction. Instead of showing a CAPTCHA challenge,\n[reCAPTCHA v3](/recaptcha/docs/v3)\nreturns a score so you can choose the most appropriate action for your website.\n\nA Frictionless User Experience\n------------------------------\n\n\nOver the last decade, reCAPTCHA has continuously evolved its technology. In reCAPTCHA v1, every\nuser was asked to pass a challenge by reading distorted text and typing into a box. To improve\nboth user experience and security, we introduced reCAPTCHA v2 and began to use many other signals\nto determine whether a request came from a human or bot. This enabled reCAPTCHA challenges to move\nfrom a dominant to a secondary role in detecting abuse, letting about half of users pass with a\nsingle click. Now with reCAPTCHA v3, we are fundamentally changing how sites can test for human\nvs. bot activities by returning a score to tell you how suspicious an interaction is and\neliminating the need to interrupt users with challenges at all. reCAPTCHA v3 runs adaptive risk\nanalysis in the background to alert you of suspicious traffic while letting your human users enjoy\na frictionless experience on your site.\n\nMore Accurate Bot Detection with \"Actions\"\n------------------------------------------\n\n\nIn reCAPTCHA v3, we are introducing a new concept called \"Action\"---a tag that you can use to define\nthe key steps of your user journey and enable reCAPTCHA to run its risk analysis in context. Since\nreCAPTCHA v3 doesn't interrupt users, we recommend adding reCAPTCHA v3 to multiple pages. In this\nway, the reCAPTCHA adaptive risk analysis engine can identify the pattern of attackers more\naccurately by looking at the activities across different pages on your website. In the reCAPTCHA\nadmin console, you can get a full overview of reCAPTCHA score distribution and a breakdown for the\nstats of the top 10 actions on your site, to help you identify which exact pages are being\ntargeted by bots and how suspicious the traffic was on those pages.\n\nFighting Bots Your Way\n----------------------\n\n\nAnother big benefit that you'll get from reCAPTCHA v3 is the flexibility to prevent spam and\nabuse in the way that best fits your website. Previously, the reCAPTCHA system mostly decided\nwhen and what CAPTCHAs to serve to users, leaving you with limited influence over your website's\nuser experience. Now, reCAPTCHA v3 will provide you with a score that tells you how suspicious\nan interaction is. There are three potential ways you can use the score. First, you can set a\nthreshold that determines when a user is let through or when further verification needs to be\ndone, for example, using two-factor authentication and phone verification. Second, you can\ncombine the score with your own signals that reCAPTCHA can't access---such as user profiles or\ntransaction histories. Third, you can use the reCAPTCHA score as one of the signals to train\nyour machine learning model to fight abuse. By providing you with these new ways to customize\nthe actions that occur for different types of traffic, this new version lets you protect your\nsite against bots and improve your user experience based on your website's specific needs.\n\n\nIn short, reCAPTCHA v3 helps to protect your sites without user friction and gives you more power\nto decide what to do in risky situations. As always, we are working every day to stay ahead of\nattackers and keep the Internet easy and safe to use (except for bots).\n\n\nReady to get started with reCAPTCHA v3? Visit our\n[developer site](/recaptcha/docs/v3)\nfor more details.\n\nPosted by Wei Liu, Google Product Manager"]]