How to Remove Captcha in Secure Zone Login Form?

I am trying to remove the captcha from the auto-generated Login Form for secure zones, but when I manually remove it from the form code that's generated, I get an “unsuccessful login” error after trying to log in with my username and password.

Has anyone else had luck with removing the captcha from the login form? Or is it a mandatory field that cannot be removed?

reCaptcha on login forms is mandatory to protect the server from brute-force attacks, I think. I’m not sure if reCaptcha v3 works now as a replacement with login forms though. @Peter-Schmidt had some mixed experiences with that.

@wsimarkg
I am quite sure that it is a mandatory field. I have use cases where I would like users that are not logged in to add items to a custom module, and I haven’t found a way to work around the ReCaptcha, so for them to log in I just have the V3 ReCaptcha, so they just click “I’m not a robot” and then log in. It seems to work fine after it was updated some time ago.

Would be nice if it was possible to have people signed in “automatically”, if you want them to add to a custom module, but on the other hand I get why Treepl would like some kind of control over users that can add items to for example a custom module 🙂

On the captcha tickbox on a log in to a secure zone on one of our sites, there seem to be multiple windows for the user to verify with multiple picture windows (lots of clicking). Sometimes 2-3 windows, sometimes more, despite getting the clicks correct. On another site (same country, same location), there is only 1 picture window that pops up. Can anyone shed any light on why a site would have more verification pics? I tried looking at https://support.google.com/recaptcha/?hl=en but there is not much info.

@Megan I think it’s to do with how Google detects the spam risk.
If it scores high it’ll provide more challenges to the user.

As to what affects the score, I have no idea, but it’s likely to be many factors like IP address, browser, location, user history, the domain, site history, etc…

I’ve found that this happens more so in Safari. Whether that’s because I’m not logged into my Google account when in Safari or because it’s harder for Google to detect various settings for its scoring system… I don’t know.

Bottom line, I don’t think there is much you can do about it. But interested if anyone else has further insight into this.

Perhaps Treepl can adjust the spam score for your site, similar to how we have the spam score setting for recaptcha v3 in the admin?

Thanks @Adam.Wilson – as you say there is a setting on dashboard, /admin/misc for Captcha 3.

  1. But log in forms are Captcha 2 right?
  2. The site is set to 0.5 for Captcha 3. Do you know which way impacts sensitivity? Is a higher number more sensitive?

Be good to have some UX help info bubbles on the admin console for some of our settings.

Yeah, login forms are v2.
I don’t know which way the number needs to go. I’ll find out though…

Just some follow-up info on the recaptcha score value; how I understand it is the higher the score the safer/better the interaction is. And scores are between 0 and 1.
So setting a threshold of 0 would allow all (or most) users, whereas 1 would block or challenge more users since it would be harder to achieve such a high score.
v3 Recaptcha docs:
https://developers.google.com/recaptcha/docs/v3#interpreting_the_score

@vlad.z could you confirm this is correct?


Hi @Adam.Wilson
Yes, you are correct.
You could test the score here: https://recaptcha-demo.appspot.com/recaptcha-v3-request-scores.php
For example, if you go to this page via a general browser you may see a score of about 0.9.
But if you visit it via incognito, the score may decrease to 0.7 (that means that, from the recaptcha perspective, you look less like a human in that browser mode).

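The threshold behaviour discussed in the posts above, as an added example that is not part of the thread and not Treepl's code: a Python check that applies a v3 score threshold to parsed siteverify responses and shows which visitors each threshold admits. The field names follow Google's v3 response format; the sample responses, `example.com`, the `login` action name, the decision labels and the `>=` comparison are assumptions made for illustration.

```python
# Constructed example: apply a reCAPTCHA v3 score threshold to parsed
# siteverify responses. Field names follow Google's v3 response format;
# the decision labels and the ">=" comparison are assumptions.

def evaluate(resp, threshold, expected_action, expected_hostname):
    """Return (decision, reason) for one parsed siteverify JSON response."""
    if not 0.0 <= threshold <= 1.0:
        raise ValueError("threshold must be between 0 and 1")
    if resp.get("success") is not True:
        codes = ",".join(resp.get("error-codes", [])) or "unknown"
        return "reject", "token not valid: " + codes
    # A valid token minted for another action or site must not be accepted here.
    if resp.get("action") != expected_action:
        return "reject", "action mismatch"
    if resp.get("hostname") != expected_hostname:
        return "reject", "hostname mismatch"
    score = resp.get("score")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return "reject", "no score in response"
    if score >= threshold:
        return "allow", "score %.1f >= threshold %.1f" % (score, threshold)
    return "challenge", "score %.1f < threshold %.1f" % (score, threshold)


# Constructed sample responses; 0.9 and 0.7 mirror the scores quoted above.
SAMPLES = {
    "regular": {"success": True, "score": 0.9, "action": "login", "hostname": "example.com"},
    "incognito": {"success": True, "score": 0.7, "action": "login", "hostname": "example.com"},
    "scripted": {"success": True, "score": 0.1, "action": "login", "hostname": "example.com"},
    "replayed": {"success": False, "error-codes": ["timeout-or-duplicate"]},
    "wrong_action": {"success": True, "score": 0.9, "action": "signup", "hostname": "example.com"},
}


def sweep(thresholds):
    """Map each threshold to the sorted sample names it would allow."""
    return {
        t: sorted(name for name, r in SAMPLES.items()
                  if evaluate(r, t, "login", "example.com")[0] == "allow")
        for t in thresholds
    }


if __name__ == "__main__":
    for t, allowed in sweep([0.0, 0.5, 0.8, 1.0]).items():
        print("threshold %.1f allows: %s" % (t, ", ".join(allowed) or "nobody"))
```

Raising the threshold only narrows who passes on score; the failed-token and action-mismatch responses are rejected at every setting, including 0.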