Google Recaptcha Gets an Update with No Verification Tasks

There isn’t anyone who visits websites regularly on the Internet who hasn’t encountered a Google Recaptcha one too many times. It can be annoying when you just want to get to a website and are stopped by the pop-up asking you to check a box, type in a word, or solve a puzzle to prove you’re human.

The good news is that Google has updated the system to Recaptcha v3, a system that requires no participation on the part of the visitor to the website.

Are You a Human or a Bot?

Recaptchas stem from Captchas, a system of testing if a site visitor is a human or a bot by requiring some type of action to be done that could only be done by a human.

This led to Google developing Recaptchas that had a dual objective. While they were testing human vs. bot, when they were displaying the words, they were also checking the validity of words that had been scanned in using OCR software while converting printed books to ebooks.

news-google-recaptcha-robot

However, the Recaptchas don’t always use words in the current versions and seem to be more along the lines of Captchas and just determining human vs. bot.

Sometimes it’s just a matter of clicking a box to indicate you’re human, while other times it’s solving a puzzle or clicking all the images that you see that contain a certain object, like a car or a street sign. In the effort of making it more involved, it seemed to only get more difficult to solve and get through.

Recaptcha v3

Instead of asking the site visitor to do all the work, Recaptcha will now do the work and will let website owners know whether their users seem to be humans or bots by generating a score, and they can then act accordingly.

Recaptcha v3 returns a score for each request without user friction,” said Google. “The score is based on interactions with your site and enables you to take an appropriate action for your site.”

news-google-recaptcha-logo

Traffic will be ranked with a score from 0.0 to 1.0, with 1.0 being the best type of interaction to have and 0.0 being the worst, indicating the traffic is most likely bots.

Website owners can create scripts that will perform actions to produce the traffic score. If the site gets a low score, two-factor authentication or email verification can be used as a login to keep the bots out.

Additionally, website owners can create a script for various different parts of their website to evaluate what part bots may be using. If it’s determined the bots are on a product review page, Recaptcha can identify the fake reviews and remove them to improve the site’s integrity.

What It Means for You

Perhaps the best part of Recaptcha v3 is that it means no extra work on the part of the site visitor. You won’t be asked to retype words exactly, solve puzzles, click boxes, or eliminate pictures of traffic signs.

What do you think of the new Google Recaptcha? Are you pleased to not have to fulfill any verification tasks just to use a site? Or was this never much of a bother to you? Let us know what you think of Recaptcha v3 in the comments.

Image Credit: I’m not a robot via Google. All others public domain

4 comments

  1. Sounds like active tracking throughout the entire visit to generate a score. I wonder what unique identifiers are built into recaptcha and reused as the system tracks the user across the web. I suspect it won’t be long before fingerprints and/or FaceID will be a requirement for posting a “first!” comment.

  2. “Are you pleased to not have to fulfill any verification tasks just to use a site?”
    After the first couple of times I encountered the “Which pictures contain a traffic sign” riddle and got into a recursive loop, I just ignored the site with Recaptchas. If I saw a Recaptcha, I just moved on to other sites.

    I welcome the new version of Recaptcha until it starts to be too much of an annoyance. Luckily very few of the sites I want to visit use any human or bot determinants.

  3. Not use any verification images… if only that were true!

    Recaptcha asks me to do it every single time, no exceptions, and I usually end up being rejected to site access after many frustrating minutes. They’re popping up on sites that never had them before, and I can’t solve them.

    Guess that’s my punishment for not allowing their analytics scripts to run and track my movements in the first place, which is none of their business anyway. What a pox on the computing landscape Google has become!

  4. This goggle thing is not much about services anymore, i think it turned more like “What is allowed for me, i make it disallowed for you”.
    I’m getting surprised what defines security attacks by time going.

Comments are closed.