How hCaptcha Difficulty Settings Work

hCaptcha has several difficulty modes available for publishers to choose. Today we’ll look at what they do, and the tradeoffs of picking each one.

Note: this post refers to options available to standard hCaptcha users. Enterprise users and platform integrators have more customization options available. Please contact sales@hcaptcha.com to learn more.

Setting Difficulty per Site(key)

First, let’s navigate to the difficulty slider. You have one per sitekey, and can use sitekeys to target difficulty as needed.

You can use this feature to customize behavior on different sections of your site by simply creating more sitekeys with different settings.

For example, your password reset page might be Always On to reduce abuse, while a form to sign up for a mailing list might be Easy to provide a better user experience.

The difficulty slider

You can find this in the Sites tab of the dashboard:

Image for post
Image for post

Under Settings for each Sitekey.

-

-

How Difficulty Modes Affect Behavior

Easy

Choosing this option delivers a standard “no-captcha” experience for most users, most of the time: they may need to answer one or two challenges occasionally, but if their behavior patterns look normal they will in general be auto-passed after that confidence baseline is established.

If their behavior changes (e.g. they become part of a botnet) or other factors override this setting (e.g. their IP is associated with abuse) then they will see more captchas, but in general this is the lowest user frustration setting.

Choosing Easy will also filter the captcha types shown, generally showing those that most users can complete in a few seconds.

Moderate

This option will auto-pass some of the time, but will show challenges more often, and will select more difficult challenge types as necessary to reach a higher confidence in user humanity.

Difficult

This option will in practice auto-pass rarely, and will show more difficult challenge types than Easy or Moderate as well.

Always On

This option will never auto-pass, and will show more difficult challenge types similar to the Difficult setting.

How to Choose

In general we suggest that you choose the lowest setting that remains effective at meeting your security goals, as minimizing user frustration is the thing we all want to achieve.

Additional options for Enterprise Users

Enterprise users also have a wide range of additional options, including:

99.9% Passive

This option will auto-pass most low-risk users most of the time, but will start to show challenges in a variety of circumstances depending on your settings. Please see the enterprise documentation for details.

Passive

This option is a pure “No-CAPTCHA” experience: it will never show a visual challenge, but will always return a bot score to you. Please see the enterprise documentation for details.

More info on hCaptcha Enterprise features is available at BotStop.com.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store