This section provides an overview of the reCAPTCHA service, system requirements for using it and references.
reCAPTCHA is a free CAPTCHA service provided by Google. You can use it to protect the Self-Service site from bots attempting to access restricted areas.
As reCAPTCHA uses images that optical character recognition software has been unable to read, it provides a secure protection for Web sites.
- A user opens the Self-Service site.
- The user’s browser sends the public key obtained during registration on the reCAPTCHA site to the Google reCAPTCHA API server and receives a reCAPTCHA image with a token to identify the image.
- The user deciphers the image (distorted text) and submits a response in a Web page form. The response and the token are transferred to the Password Manager server.
- The response, the token and the private key (obtained during registration on the reCAPTCHA site) are then transferred to the Google reCAPTCHA Verify server to be checked. After checking the response, the reCAPTCHA server sends a reply back to the Password Manager server.
- If the response is correct, the user is granted access to further steps on the Password Manager site.
To display reCAPTCHA images on the Self-Service site, include the Display reCAPTCHA activity in required workflows. To require users to reply to a reCAPTCHA challenge before authentication, place the Display reCAPTCHA activity before any authentication activity in a workflow designer.
For more information on using reCAPTCHA in workflows, see Display reCAPTCHA.
You can also use reCAPTCHA on the Find Your Account page of the Self-Service site and require users to reply to the reCAPTCHA challenge before searching for their accounts. For more information, see Configuring Security Options.
To be able to use reCAPTCHA on the Password Manager sites, make sure the following requirements are met: