DEV Community

Cover image for Easy on Humans, Hard on Bots
Yago Costa Ayala
Yago Costa Ayala

Posted on

Easy on Humans, Hard on Bots

Have you ever been frustrated by trying to prove you're not a robot? Google's reCAPTCHA is here to help, and it has evolved significantly over the years to make this process smoother and more secure. Let's explore the different types of reCAPTCHA, their functionalities, reasons for discontinuing older versions, and what makes each one unique.

reCAPTCHA v1

Introduced in 2007, reCAPTCHA v1 featured two distorted texts that you had to transcribe correctly. One word was known and verified you were human, while the other helped digitize old books.

reCAPTCHA v1

By March 2018, advanced bots could easily bypass this system, and improved text recognition techniques made it less relevant. So, it was time to say goodbye.

reCAPTCHA v2

Released in December 2014, reCAPTCHA v2 upped its game. You've probably seen the "I'm not a robot" checkbox. When you click it, the system analyzes your behavior before and after. If it's unsure, it presents an image challenge where you select pictures matching a prompt.

reCAPTCHA v2

reCAPTCHA v2 is faster and less frustrating. It's designed to be more user-friendly while still keeping those pesky bots at bay.

reCAPTCHA v3

Launched in October 2018, reCAPTCHA v3 takes a more subtle approach. Instead of interrupting users with challenges, it assigns a score (0.0 to 1.0) based on your interactions with the site. This score helps site administrators determine if you’re a human or a bot without interrupting your experience.

reCAPTCHA v3 example

No more puzzles! reCAPTCHA v3 works silently in the background, giving you a seamless browsing experience while still protecting the site.

reCAPTCHA Enterprise

Tailored for businesses, reCAPTCHA Enterprise offers advanced protection against bots and fraud. It integrates deeply with a company’s security infrastructure and allows for robust customizations.

It includes sophisticated threat detection and advanced configuration options, making it perfect for large-scale enterprise needs.

Comparing reCAPTCHA v2 and v3

  • Advanced Algorithms: reCAPTCHA v3 uses sophisticated machine learning algorithms to analyze user behavior, providing a more accurate assessment of whether a user is legitimate or a bot.
  • Continuous Monitoring: Unlike reCAPTCHA v2, which relies on single-point interactions (like clicking a checkbox or solving an image puzzle), reCAPTCHA v3 continuously monitors user interactions across the site, leading to more precise detection of bots.
  • Non-Intrusive: Since it operates in the background without interrupting the user experience, it can gather more behavioral data, which improves the accuracy of its assessments.

In conclusion, reCAPTCHA v3 offers better performance and results in distinguishing legitimate users from bots due to its continuous monitoring and advanced machine learning capabilities.

How reCAPTCHA Works

Ever wondered what happens behind the scenes? Here's a quick rundown:

  1. Action Initiated: You perform an action that triggers reCAPTCHA.
  2. JavaScript Loaded: Your browser loads the necessary JavaScript.
  3. Signals Sent: The JavaScript collects interaction signals and sends them to Google’s servers.
  4. Token Generated: Google analyzes the signals and returns an encrypted token.
  5. Token Validated: The site validates the token with Google.
  6. Decision Made: Based on the validation, the system determines if you’re human or a bot.

how it works

How to Implement reCAPTCHA v3 Using React and Node.js

Here's a very simple example of how to implement reCAPTCHA v3 in a React application with a Node.js backend.

Frontend (React)

  1. Install the react-google-recaptcha-v3 package:
   npm install react-google-recaptcha-v3
Enter fullscreen mode Exit fullscreen mode
  1. Create a simple React component with reCAPTCHA v3
   // App.js
   import React, { useState } from 'react';
   import { GoogleReCaptchaProvider, useGoogleReCaptcha } from 'react-google-recaptcha-v3';

   function App() {
     const { executeRecaptcha } = useGoogleReCaptcha();
     const [token, setToken] = useState('');

     const handleSubmit = async () => {
       if (!executeRecaptcha) {
         return;
       }

       const token = await executeRecaptcha('submit');
       setToken(token);

       await fetch('http://localhost:5000/verify-captcha', {
         method: 'POST',
         headers: {
           'Content-Type': 'application/json',
         },
         body: JSON.stringify({ token }),
       });
     };

     return (
       <GoogleReCaptchaProvider reCaptchaKey="YOUR_RECAPTCHA_SITE_KEY">
         <div>
           <button onClick={handleSubmit}>Submit</button>
         </div>
       </GoogleReCaptchaProvider>
     );
   }

   export default App;
Enter fullscreen mode Exit fullscreen mode

Backend (Node.js)

  1. Install express and body-parser packages
   npm install express body-parser
Enter fullscreen mode Exit fullscreen mode
  1. Create a simple Express server to verify the reCAPTCHA token
   // server.js
   const express = require('express');
   const bodyParser = require('body-parser');
   const fetch = require('node-fetch');

   const app = express();
   const PORT = 5000;

   app.use(bodyParser.json());

   app.post('/verify-captcha', async (req, res) => {
     const { token } = req.body;
     const secretKey = 'YOUR_RECAPTCHA_SECRET_KEY';

     const response = await fetch(`https://www.google.com/recaptcha/api/siteverify`, {
       method: 'POST',
       headers: {
         'Content-Type': 'application/x-www-form-urlencoded',
       },
       body: `secret=${secretKey}&response=${token}`,
     });

     const data = await response.json();
     if (data.success) {
       res.json({ success: true, message: 'Human verified' });
     } else {
       res.json({ success: false, message: 'Verification failed' });
     }
   });

   app.listen(PORT, () => {
     console.log(`Server running on http://localhost:${PORT}`);
   });
Enter fullscreen mode Exit fullscreen mode

Replace YOUR_RECAPTCHA_SITE_KEY and YOUR_RECAPTCHA_SECRET_KEY with your actual reCAPTCHA site key and secret key, respectively.

Conclusion

reCAPTCHA has come a long way in making the web safer and user-friendly. From deciphering texts to seamless, invisible checks, each version improves on the last. Choosing the right version depends on your site’s needs and the level of security you desire.

References

I hope you enjoyed this journey through the evolution of reCAPTCHA!

Top comments (0)