Could Cloudflare consider an alternative to reCAPTCHA?

Thanks for the link :bowing_man:, I guess this is what has been already in place for a while, though.

V2 has something of the likes of a version 2.5 which was invisible recaptcha. The only difference between invisible and regular V2 was that the submit button became the “I am not a robot” checkbox, any you still do the captcha challenge if you have a low score.

V3 here tracks regular activity a user does across the entire page (and across the entire session) then lets the origin website choose what to do with the user’s trust level/trust score (the 0-1 score from recaptcha test).

2 Likes

I presume the same will apply to version 3.

The link posted above by @lukastribus actually already refers to v3 and thats where I consistently get scores of 0.3. So my guess would be once Cloudflare switches to v3 I might be completely locked out - yeaaaah :partying_face:

1 Like

On my Daily Driver Safari, I score a 0.3. On my sanitized Firefox and Chrome, I get a 0.7. I guess Safari’s anti-tracking stuff is working.

1 Like

Is that while being logged into Google accounts or “plain”? Up until ~2 weeks ago I got 0.7 when logged in, now I get 0.3 consistently across browsers and regardless of whether I am logged into a Google account or not.

Good question. I wasn’t logged into Google, but just logged in and it’s still 0.3.
Firefox (Private) and Chrome (Incognito) are never logged into Google and get a 0.7. Firefox Nightly gets me a 0.3.

maybe the score is built up over the time and duration you’re logged into google ?? i just checked my score it’s at 0.9 while always being logged into google and 0.7 while in incognito in Opera browser

I wouldn’t advise focusing too much on the score returned by the example page. That example is intended to show an approach to implementing the v3 API using the PHP code hosted here. The score returned is specific to that particular request and is not an indicator about the status of your Google account.

When using the v3 API on your own site, the score indicates the confidence in which the service has that this is a non-automated request. It is not a definitive answer, only an indicator. A low score can be used as a prompt for additional verification on an action - for example, a confirmation SMS - rather than blocking a user entirely.

That is quite likely but also a problem if your browser is configured for regular amnesia :slight_smile: and you yourself still part of the generation who still knows what a logout button does :wink:

2 Likes

Possibly any update on that issue, @ryan?

I just mistyped my password and the captcha immediately kicked in, for the IP address and the account. I was fortunate enough that Google felt gracious today to consider my Google account worthy to skip the captcha but God knows how long that will be like that :roll_eyes:

I am not sure whether upgrading to version 3 would help, but the way it is right now is quite annoying, I am terrified of typing the password :smile:

1 Like

maybe CF account could have a setting to choose between v2 and v3 for end users ??

1 Like

It generally would be lovely it one could customise these security settings on a per-account level. I’d really appreciate if I had the ability to turn that off :slight_smile:

1 Like

Assuming there was a better chance of the withdrawal agreement passing the British parliament yesterday than Cloudflare switching away from reCAPTCHA :wink: could at least the sensitivity be decreased a bit?

One typo in the password and one has to go through the Google ordeal. Could that be increase to at least two or three attempts? Thanks :nerd_face:

1 Like

That’s what you get for not using a password manager. :smirk:

2 Likes

Ohh, I would, but it doesnt necessarily make using the account easier when you dont have that very password manager at hand :slight_smile:

On a serious note though, I think a grace typo should be permitted. If Cloudflare cant help imposing the captcha it should at least not kick in after one single failed attempt. What do you think? :sunglasses:

One typo and you are out.

Looks like we got our wish

A little surprised this wasn’t communicated with site owners at all, not even with a blog post.

4 Likes

I havent tried it and do not intend to, but I am not sure that is what I meant by alternative :wink:

I guess the issue with a single typo and the login going berserk is still there.

But yes, not entirely what you meant, @sandro!

I am afraid, not what I meant at all.

I am also not sure whether we should welcome that migration, however my request was not so much about the challenge page but rather about the Cloudflare login in the first place.

1 Like