Google's new reCAPTCHA doesn't require a click


Google first launched its bot-detection reCAPTCHA system in 2007, which means that for over 10 years we've been deciphering garbled text, identifying street lights and clicking tiny boxes in a bid to prove we're human and subsequently access the sites and pages we want to view. But not anymore. Google's reCAPTCHA v3 completely eliminates the need for user interaction, instead relying on adaptive risk analysis to pick up suspicious traffic.

The new version runs in the background of a website, producing scores from 0.1 (bad) to 1 (good) for interactions and behaviors with that site. Site admins can decide how their website should react based on these scores, and can use them in one of three ways.

"First, you can set a threshold that determines when a user is let through or when further verification needs to be done, for example, using two-factor authentication and phone verification," Google explains on its Webmaster blog. "Second, you can combine the score with your own signals that reCAPTCHA can't access—such as user profiles or transaction histories. Third, you can use the reCAPTCHA score as one of the signals to train your machine learning model to fight abuse."

Great news for users, then -- since most sites use Google's API we can expect a more friction-free browsing experience in the future. But it does seem like extra work for site admins. However, most website owners will appreciate taking back control over the way their sites react to traffic without leaving Google to make the decision on their behalf based on garbled images.