When a user logs on the the PMuser site via the Secure Password Extension (SPE) the reCAPTCHA may require numerous challenges to be completed before it is satisfied and allows the user to progress to the next step. But if the same user accesses the PMUser site via a desktop browser the user is required to satisfy a lesser number of challenges before being allowed progress to the next step.
The reCAPTCHA challenge is designed by Google to be more demanding via the SPE as opposed to the desktop.
If the reCAPTCHA suspects that the user who is attempting to satisfy the challenges is a ‘bot’ as opposed to a human then it will make the challenges considerably more difficult in order to frustrate ‘bot’ usage.
The SPE uses the system account to run Internet Explorer and runs it from another application, not from a standard browser. This combination of factors may make reCAPTCHA think it’s dealing with a ‘bot’ until eventually it’s satisfied that a human must be completing the challenges. Google does not publish how it determines if a particular user is a human or a ‘bot’.
In a desktop browser a user session is being used, the reCAPTCHA sees this as being used by a human and makes the challenge less demanding.
In 2013, reCAPTCHA began implementing behavioral analysis of the browser's interactions with the CAPTCHA to predict whether the user was a human or a bot before displaying the captcha, and presenting a "considerably more difficult" captcha in cases where it had reason to think the user might be a bot.
If difficult reCAPTCHA’s are a problem then it may be advisable to use CAPTCHA instead of reCAPTCHA.
To configure CAPTCHA on the PMUser home page see
And to configure CAPTCHA in a workflow see