hCaptcha has several difficulty modes available for publishers to choose. Today we’ll look at what they do, and the tradeoffs of picking each one.
Note: this post refers to options available to standard hCaptcha users. Enterprise users and platform integrators have more customization options available. Please contact email@example.com to learn more.
Setting Difficulty per Site(key)
First, let’s navigate to the difficulty slider. You have one per sitekey, and can use sitekeys to target difficulty as needed.
You can use this feature to customize behavior on different sections of your site by simply creating more sitekeys with different settings.
For example, your password reset page might be Always On to reduce abuse, while a form to sign up for a mailing list might be Easy to provide a better user experience.
You can find this in the Sites tab of the dashboard:
Under Settings for each Sitekey.
How Difficulty Modes Affect Behavior
Choosing this option delivers a standard “no-captcha” experience for most users, most of the time: they may need to answer one or two challenges occasionally, but if their behavior patterns look normal they will in general be auto-passed after that confidence baseline is established.
If their behavior changes (e.g. they become part of a botnet) or other factors override this setting (e.g. their IP is associated with abuse) then they will see more captchas, but in general this is the lowest user frustration setting.
Choosing Easy will also filter the captcha types shown, generally showing those that most users can complete in a few seconds.
This option will auto-pass some of the time, but will show challenges more often, and will select more difficult challenge types as necessary to reach a higher confidence in user humanity.
This option will in practice auto-pass rarely, and will show more difficult challenge types than Easy or Moderate as well.
This option will never auto-pass, and will show more difficult challenge types similar to the Difficult setting.
How to Choose
In general we suggest that you choose the lowest setting that remains effective at meeting your security goals, as minimizing user frustration is the thing we all want to achieve.
Additional options for Enterprise Users
Enterprise users also have a wide range of additional options, including:
This option will auto-pass most low-risk users most of the time, but will start to show challenges in a variety of circumstances depending on your settings. Please see the enterprise documentation for details.
This option is a pure “No-CAPTCHA” experience: it will never show a visual challenge, but will always return a bot score to you. Please see the enterprise documentation for details.
More info on hCaptcha Enterprise features is available at BotStop.com.