search

Types of reCAPTCHA

hashtag
reCAPTCHA v2 (Checkbox)

The "I'm not a robot" Checkbox requires the user to click a checkbox indicating the user is not a robot. This will either pass the user immediately with no captcha (one click) or challenge them to validate whether or not they are human.

When you see the following checkbox on a website, that means it is using "I'm not a robot" Checkbox reCAPTCHA v2.

hashtag
Checkbox Response

When the checkbox is clicked, you will either instantly pass through with one click, or have to solve a challenge where you will have to select different images that match the challenge request.

Refer to reCAPTCHA v2 Test Responsesarrow-up-right for more information on the different types of reCAPTCHA v2 responses and how it relates to the current trust of your Gmail account.

hashtag
One Click Status

A one click just refers to the action of clicking the checkbox and the captcha validation is completed immediately with no further action required involving clicking different pictures.

If your Google Account is one click status and the IP in your harvester is trusted, then you will not receive a captcha request here. You will instantly pass the captcha test just by clicking the checkbox.

You will only be prompted to solve a captcha challenge if Google deems you to be a suspected bot based on the combination of your Google account and IP. The difficulty of the challenge will vary depending on the trust level of the user. A higher trust Google Account and IP combination will receive easier captcha challenges. The lower the trust of your Google Account and/or IP are, the more difficult the captcha challenge will be.

hashtag
Websites Using reCAPTCHA v2 Checkbox

  • Shopify Checkpoint

  • Shopify Checkout

  • Footsites Queue-It

hashtag
reCAPTCHA v2 (Invisible)

Invisible reCAPTCHA does not require the user to click on a checkbox. Instead, it is directly embedded onto an existing button on a site.

When you see the following banner on a website, with no checkbox captcha to click, that means it may be using invisible reCAPTCHA v2.

hashtag
One Click Status

A one click for this captcha just refers to the action of clicking the button with invisible reCAPTCHA embedded into it and the captcha validation is completed immediately without any further action required involving clicking different pictures or the user even realizing there was a captcha there in the first place.

Just like the reCAPTCHA v2 checkbox test, a highly trusted Google Account and IP will receive one clicks here. An untrusted Google Account and/or IP will be flagged as a suspected bot and have to complete a captcha challenge in order to receive a captcha token and complete the action you were doing.

hashtag
Difficulty

Invisible v2 tends to be much easier to get one clicks for. Aged accounts that are harvested for a short period have shown a high chance of having one clicks for Invisible v2.

However, the amount of one clicks you get may vary depending on the trust level of the account. Accounts that have one click status for Checkbox v2 are more likely to get far more one clicks than accounts that can only get one clicks for Invisible v2.

hashtag
Notes

Sites using invisible reCAPTCHA v2 tend to have an easier chance of getting one clicks. This means that having one clicks for invisible reCAPTCHA v2, does not mean you will get one clicks necessarily for checkbox reCAPTCHA v2.

Having a trust score of 0.9 in this case also does not mean you will get one clicks. However, it means Google thinks you are more likely to be human and on the right track to obtaining one clicks.

hashtag
Websites Using reCAPTCHA v2 (Invisible)

  • Finish Line/JD Sports

hashtag
reCAPTCHA v3

reCAPTCHA v3 is basically invisible captcha that you do not need to solve. It is different from the reCAPTCHA v2 you would normally see on Shopify sites and Supreme where you have to click the corresponding images in a challenge to complete the Captcha request.

When you visit a site that has reCAPTCHA v3 enabled, you are automatically assigned a score from a range of 0.1 to 0.9. This score will be your trust score as mentioned throughout this guide.

hashtag
reCAPTCHA v3 Scores

The website using reCAPTCHA v3 security will automatically make the request and Google will return a reCAPTCHA v3 score for each request that is made. These scores can be one of the following:

  • 0.9: Best possible score to have. This means Google believes you are a human.

  • 0.7: Not fully trusted, but are more likely to be human than bot.

  • 0.3: Untrusted score, Google will most likely think you are a bot still.

  • 0.1: Worst possible score to have. This means Google thinks you are a bot and untrusted.

hashtag
reCAPTCHA v3 Score Factors

Your reCAPTCHA v3 score will be a combination of four factors:

  • Gmail Account signed in

  • IP address the request is being made from

  • Site security settings

  • Site traffic

The trust score of an account generally refers to the reCAPTCHA v3 score returned by that account and IP combination, but can be influenced by the site security and traffic.

An account itself can be trusted, but if the IP is flagged, you will get a low score. You can test this on an account you'd normally have a score of 0.9 on. Changing the IP from a trusted one, to a flagged IP, will result in the score instantly dropping from 0.9 to 0.1 or 0.3 potentially.

hashtag
Varying Scores

Depending on the website and time of day, you may notice different reCAPTCHA v3 scores at different moments. This means that a score shown in a tester may not necessarily be accurate for every moment possible, and may or may not be an accurate representation of the score a website like Yeezy Supply would return.

hashtag
Score Thresholds

Websites can set their captcha settings so that only certain scores above a certain threshold such as 0.7 and 0.9 are allowed to purchase an item, so keep this in mind when running for a release. It is always ideal to run accounts that are highest trust at a score of 0.9 over 0.7 whenever possible, to improve your odds of passing splash.

hashtag
Longevity of Score

An account's score can deteriorate if too many requests for this form of captcha is made during a short period of time. This means you can enter a drop with a score of 0.9, and finish the drop with a lower score. Always run a good task to harvester ratio of around 10-15 tasks per Gmail Account to minimize scores dropping a release.

hashtag
IP Bans

Google tends to temporarily ban an IP that has solved too many reCAPTCHA v3 requests over the account itself. If an IP is banned during a drop, it will only be temporary and go away after a few hours. If an IP does get banned, you will need to replace the IP on that harvester in order to solve more reCAPTCHA v3 requests from that harvester. Refer to Yeezy Supplyarrow-up-right for more information on IP bans.

hashtag
Sites Using reCAPTCHA v3

  • Yeezy Supply

  • Adidas

PreviousreCAPTCHANextOne Clicks

Last updated