Blog Post View

What are Captcha and ReCaptcha?

With hacking attacks going to the next level, most websites have become more vigilant to shield every possible cyber-attack. Captcha is something that has been around for some time and it is widely being used by many websites. Captcha is a challenge-response test provided over the website. This is used to determine if the user is a human or an automated bot. Captcha was first formed in 1997 and was officially introduced in 2003 by John Langford, Nicholas Hopper, Luis von Ahn, and Manuel Blum.

What is Captcha?

A typical captcha text contains distorted alphabets or alphanumeric characters. This needs to be entered by the user in a text box to get validated. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Human Apart.

Websites implement Captcha to prevent spams. Spammers target websites to submit spam data to in the hopes to bring traffic back to their server. In most cases, spams result in a denial of service (DOS attack which can bring down the complete application or website.

To avoid this, websites implement Captcha which makes it difficult for an automated bot to run or log in to the system. The distorted letters and grid photos are used to filter bots from humans, and avoid spams.

Advantages and Disadvantages of Captcha

Few of the advantages of Captcha are:

  • Increases security
  • Reduces spams
  • Blocks automated increased usage of services
  • Makes online activity safer
  • Differentiates human and computers

Few disadvantages of Captcha are:

  • Fails in some browsers
  • Sometimes, it is difficult to read
  • Challenging for people with disabilities
  • Time-consuming
  • Not guaranteed to be fool proof

Captcha offers an added security and is a good feature to be incorporated in your website if you're suffering from spams. In most cases, online portals for sign up to any services or online payment websites use captcha.

Captcha has few downsides, which may result in the loss of users. A better implementation of Captcha is ReCaptcha. Common types of Captcha include:

  • Simple Captcha text that is easy to read
  • Distorted letters with a mix of small and Capital alphabets
  • Distorted letters with alphabets and numbers
  • Maths problems with the addition of two numbers. E.g.: 2+8
  • Image-based Captcha. E.g.: Select all images with a car

ReCaptcha: ReCaptcha is currently the most widely used implementation of Captcha. This was acquired by Google in 2009. This assists in the digitization of books. ReCaptcha was used to completely digitize archives of the New York Times along with several other Google books.

Apart from the digitization of books, it has also been used to translate books in a different language and scan illegible books. Very recently, ReCaptcha started a No Captcha which reduces the number of times captcha will be displayed on a user's screen. To do this, the user's browser activity is analyzed to determine if it's a bot. This simply shows a checkbox showing "I am not a robot".

ReCaptcha is easily readable for humans and is difficult for bots. ReCaptcha has 2 versions:

  • ReCaptcha v2
  • ReCaptcha v3

ReCaptcha v1 has been officially shut down by Google on March 2018.

  • ReCaptcha v2 – Android: This is an android library that is a part of Google Play services Safety Net API and can be directly implemented within the app. To invoke the ReCaptcha API, the user would require Google Play services on the app and should be able to connect GoogleAPIClient. With this either it will not ask for Captcha and let the user use the services or challenge the user to validate that it is a human.
  • ReCaptcha v2 – Invisible ReCaptcha: Here the invisible ReCaptcha is basically invoked by an embedded JavaScript and the user does not require to explicitly click on a checkbox. Only suspicious traffic will require to be validated using a complete captcha.
  • ReCaptcha v2 – I am not a robot: Here the user would be shown an "I am not a Robot" checkbox. This will be shown for non-suspicious traffic. In other cases, the complete captcha will be displayed where the user will have to get validated to prove it’s not a bot.>
  • ReCaptcha v3 – This does not require any user intervention. This contains JavaScript which runs in the background and returns a score. This score lets the website implement additional action such as additional authentication or bypass the captcha.

How to implement ReCaptcha

ReCaptcha can be implemented by anyone easily. To implement this, you can visit the official ReCaptcha website. Here you can provide details of your domain and the ReCaptcha version.

Once you fill in all the details you can submit. Once you submit, you will receive a site key and a secret key. As a next step, you can add the ReCaptcha script.

A sample code is as shown below:

    <title>ReCaptcha Sample page</title>
     <script src="" async defer></script>
    <form action="Your action" method="POST">
     <div class="g-reCAPTCHA" data-sitekey="add the site key here"></div>
      <input type="submit" value="Submit">

While this is a complete form, all you need to add is a script tag for the ReCaptcha API and a snippet to add the site key.

<script src=''></script>
<div data-sitekey="Add your site key here"></div>


Captchs and reCaptcha are technology used with HTML forms to filter bots from humans. By implementing captcha, a user must prove it's a human by enting the info requrested by reCaptcha. Recently, invisible captcha (or noCaptcha) has been added to make it easier on humans. Adding captcha or reChaptcha to your HTML form will eliminate or reduce the number of spam submissions.

Share this post

Comments (0)

    No comment

Leave a comment

All comments are moderated. Spammy and bot submitted comments are deleted. Please submit the comments that are helpful to others, and we'll approve your comments. A comment that includes outbound link will only be approved if the content is relevant to the topic, and has some value to our readers.

Login To Post Comment