reCAPTCHA v3, as the new version has been branded, is a complete overhaul of the reCAPTCHA technology that we know and… most of the time hate.
The good news is that the new system does not require any user interaction anymore. Gone are the days of reCAPTCHA v1 when everyone was trying to decipher in garbled text, and gone are the days of v2 when everyone was getting annoyed at clicking on endless image streams of “store fronts,” “roads,” and “cars” for up to 2-3 minutes.
Google says that by observing how regular users interact with the website and its sections, it would be able to detect abnormalities and detect bots or undesirable actions.
Incoming visitors will be assigned “risk scores” based on their source or the action they want to take on a site. Scores will go from 0.1 (bad) to 1 (good). Site admins can decide how their website reacts based on the risk score.
The way they can do this is by adding a new “action” tag to the pages or page sections they want to protect. These “action” tags, in correlation with risk scores, will enable Google to take automated actions, when possible, such as requiring the user/bot to go through a phone verification to validate his identity before being allowed on a page or approving an action (such as posting a comment).
But Google says these “action” tags can also be used with a local site’s internal data, such as profile or transaction histories, as an alternative user validation system.
The entire system is very complex, compared to reCAPTCHA v2, but website owners have had a long time to test out the kinks thanks to a beta period that started last May.
The biggest benefit of reCAPTCHA v3 is that website owners can now control and decide how their website reacts to bots and bad traffic, and not let Google take these decisions for them, as it was the norm with v1 and v2.