Which Capture Code Do You Use and Why

[ColinM]

I've just been reading up a bit (there's a lot to digest) on Google's latest reCAPTCHA V3. We now have quite a range of CAPTCHA options (V3, V2 - Invisible, V2 I'm Not a Robot etc).

Which CAPTCHA do you use and why and do you see any shortcomings with V3?

Interested in peoples thoughts, experiences and insights?

[Rob]

Any captcha that relies on Google account to be in tact, I stay away from 3rd party stuff. I simply use the recaptcha with the numbers and digits - old school.

Another way to do it I guess would simply be to ask a question with a definitive answer - assuming bots cannot guess what the field is supposed to say.
ex - "Q = 1+1 = "; A = "2".

Used it once with Yahoo as the host. Worked pretty well.

But this is just me...

[MGD4me]

I use Google's reCAPTCHA V2 "I'm Not a Robot" for two reasons...

First, it is an "in your face" visible verification process which alerts people that there is some form of checking standing between themselves and the application. It is hurdle much like the "old school" version, but doesn't require a person to read a string of weird-looking characters (IMHO).

Second, it simply asks a person "check' the verification box, and Google does the heavy lifting to decide to let the process proceed further without interruption, or challenge them with a series of match sequences.

So far, I have had no complaints that it is too difficult to use, which makes my life easier.

And finally, to help reduce the number of spammers, I capture the user's IP address and display it directly in the form, like "Your IP address is xxx.xx.xxx.xxx" so that it might be off-putting to potential trouble makers. By advertising that I know who you are, perhaps you will think before randomly spamming the website. I'm an optimist, perhaps!

[ColinM]

Hi Rob and MGD4me,

Thank you both for your well considered responses.

Any captcha that relies on Google account to be in tact, I stay away from 3rd party stuff. I simply use the recaptcha with the numbers and digits - old school.

Another way to do it I guess would simply be to ask a question with a definitive answer - assuming bots cannot guess what the field is supposed to say.
ex - "Q = 1+1 = "; A = "2".

Used it once with Yahoo as the host. Worked pretty well.

But this is just me...

Not a great fan of Google ay Rob? Yup, there's always that second option. And there's nothing "just" about you my friend.

I use Google's reCAPTCHA V2 "I'm Not a Robot" for two reasons...

First, it is an "in your face" visible verification process which alerts people that there is some form of checking standing between themselves and the application. It is hurdle much like the "old school" version, but doesn't require a person to read a string of weird-looking characters (IMHO).

Second, it simply asks a person "check' the verification box, and Google does the heavy lifting to decide to let the process proceed further without interruption, or challenge them with a series of match sequences.

So far, I have had no complaints that it is too difficult to use, which makes my life easier.

And finally, to help reduce the number of spammers, I capture the user's IP address and display it directly in the form, like "Your IP address is xxx.xx.xxx.xxx" so that it might be off-putting to potential trouble makers. By advertising that I know who you are, perhaps you will think before randomly spamming the website. I'm an optimist, perhaps!

Yup good point about in your face = and interesting idea on displaying the IP address - appreciate the input MGD...

[BaconFries]

Using a CAPTCHA isn't a guarantee that it will stop you being spammed. It may slow down bots but it can't stop the form being manually imputed by a "Spammer' hell bent on spamming you. Displaying the users IP is also not really "Full Proof" either this can easily be spoofed using a false IP address via a VPN which hides the true location of the "Spammer" or using a "Proxy Sever" which works in a similar fashion by changing your real IP.

With all this said Googles invisible Captcha is pretty good and Robs suggestion of using the "Maths" method is a good way to get the user to interact with the form contents but as mentioned nothing is "Full Proof".

[ColinM]

Hey BC - thanks for the input my friend.

Yes, I appreciate that Captcha in any form can't stop email spam or someone filling in the form "non botically"

I like the idea of V3 that a potential Client just has to click/tap on the Submit button. Trapping and displaying an IP address MIGHT manual deter form spammers - but it's also possible they could be using VPNs and it may also scare a customer away.

I've added a graphic to reinstate some visibility of the Captcha - you can see it here on a Client's website I've just updated.

[BaconFries]

Nice and congrats on the update / transfer of site

[ColinM]

Nice and congrats on the update / transfer of site

Thanks BC - moved from my old provider and the new one is SO much better