Back to Blog
Security Strategy

How hCaptcha Difficulty Settings Work

April 3, 2020

Share
hCaptcha has several difficulty modes available for publishers to choose. Today we’ll look at what they do, and the tradeoffs of picking each one.

hCaptcha has several difficulty modes available for publishers to choose. Today we’ll look at what they do, and the tradeoffs of picking each one.

Note: this post refers to options available to standard hCaptcha users. Enterprise users and platform integrators have more options available. Please see https://www.hcaptcha.com/enterprise or contact [email protected] to learn more.

Setting Difficulty per Site(key)

First, let’s navigate to the difficulty slider. You have one per sitekey, and can use sitekeys to target difficulty as needed.

You can use this feature to customize behavior on different sections of your site by simply creating more sitekeys with different settings.

For example, your password reset page might be Always On to reduce abuse, while a form to sign up for a mailing list might be Easy to provide a better user experience.

The difficulty slider

You can find this in the Sites tab of the dashboard:

Under Settings for each Sitekey.

-

-

How Difficulty Modes Affect Behavior

Easy

Choosing this option provides a classic CAPTCHA experience, delivering a standard “easy” challenge for most users, most of the time.

Choosing Easy will filter the captcha types shown, generally showing those that most users can complete in a few seconds.

Moderate

This option will select more difficult challenge types as necessary to reach a higher confidence in user humanity.

Difficult

This option will show more difficult challenge types than Easy or Moderate as well.

Always On

This option will never auto-pass, and will show more difficult challenge types similar to the Difficult setting.

How to Choose

In general we suggest that you choose the lowest setting that remains effective at meeting your security goals, as minimizing user frustration is the thing we all want to achieve.

Additional options for Enterprise Users

Enterprise users also have a wide range of additional options, including:

99.9% Passive

This option will auto-pass most low-risk users most of the time, but will start to show challenges in a variety of circumstances depending on your settings. Please see the enterprise documentation for details.

Passive

This option is a pure “No-CAPTCHA” experience: it will never show a visual challenge, but will always return a bot score to you. Please see the enterprise documentation for details.

More info on hCaptcha Enterprise features is available at https://www.hcaptcha.com/enterprise.

Subscribe to our newsletter

Stay up to date on the latest trends in cyber security. No spam, promise.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Back to blog