reCAPTCHA keys, also known as site keys, let you protect your endpoints. To choose the appropriate reCAPTCHA key type, you must understand the differences between reCAPTCHA Enterprise key types, CAPTCHA challenge caveats, and end-user use cases.
Understanding the differences between reCAPTCHA Enterprise key types
reCAPTCHA Enterprise provides score-based (no challenge) and checkbox (checkbox challenge) site keys to verify user interactions on your web pages and mobile applications. Both key types return a score for each request, which is based on interactions with your site or application. This score lets you understand the level of risk that the interaction poses and helps you to take appropriate actions for your site or application.
The following table summarizes the differences between score-based and checkbox site keys, and helps you choose the appropriate key based on your use cases:
|Comparison category||Score-based site key||Checkbox site key|
|Description||Score-based site keys let you verify whether an interaction is legitimate without any user interaction.||Checkbox site keys use a checkbox challenge that requires user interaction to verify that the user is not a robot. Also, you can use checkbox site keys to protect specific actions with CAPTCHA challenges.|
|How it works||
With score-based site keys, the reCAPTCHA Enterprise API returns a score, which you can use to take action in the context of your site.
Examples of actions you might take include requiring additional factors of authentication, sending a post to moderation, or throttling bots that might be scraping content.
A checkbox site key renders an I'm not a robot checkbox that a user must click to verify that they're not a robot. This checkbox site key might or might not challenge them with CAPTCHA challenges. In both cases, the reCAPTCHA Enterprise API returns a score.
CAPTCHA challenges require a user to select certain kinds of objects, such as street signs, from a collection of images.
The following animated gif is an example of a checkbox key:
The following image shows a sample CAPTCHA challenge:
Before using CAPTCHA challenges, you must understand the CAPTCHA challenges caveats.
|Supported platforms||Websites and mobile platforms.||Websites only.|
Score-based site keys are appropriate for the following use cases:
|Checkbox site keys are appropriate for forms, logins, and signups on web pages. Though it might cause extra friction for users, an extra step such as CAPTCHA challenge helps to deter unsophisticated attackers.|
Understanding the caveats with CAPTCHA challenges
If you want to use checkbox site keys with CAPTCHA challenges to protect against automated attacks, be aware of the following caveats:
- CAPTCHAs require user interaction, which increases friction and might decrease conversion rates.
- Due to the advances in computer vision and machine intelligence, CAPTCHAs are becoming less useful to distinguish between humans and bots.
- CAPTCHAs are also under threat from paid attackers who can solve all types of challenges.
- CAPTCHAs are not accessible for all users, so they might not be suitable if your website has accessibility requirements.