The famously irritating reCaptcha v1 asked site visitors to identify and input distorted text, which in some cases was almost impossible to decipher. reCaptcha v2 was a significant improvement as it only asked users to click a box, but if it suspected you were a bot then a series of image challenges (pick all the boxes containing cars, birds, people losing their will to live) was presented.
With reCaptcha V3, users aren’t asked to do anything; instead, interactive challenges are replaced with scores, which are based on user interactions with a website. A “good” score is 1.0 and a “bad,” bot-like interaction scores 0.1.
Developers can add a new “action” tag to their pages to run risk analysis on visitors. “In the reCAPTCHA admin console, you can get a full overview of reCAPTCHA score distribution and a breakdown for the stats of the top 10 actions on your site, to help you identify which exact pages are being targeted by bots and how suspicious the traffic was on those pages,” writes Google.
Site admins can use reCaptcha v3 in different ways, such as setting a threshold for when extra verification is needed. They can also combine the score with their own data—user profiles, histories, etc.—or use the reCaptcha v3 score to train a machine learning model.
reCaptcha v3 has been in beta since May and will become widely available later this week.