Shifting from reCAPTCHA to hCaptcha | Imperva

Shifting from reCAPTCHA to hCaptcha

We are adding another CAPTCHA vendor and helping our customers migrate from Google’s reCAPTCHA to hCaptcha. 

Why We Are Making This Change

We continuously evaluate our security measures to ensure they align with the evolving landscape of threats. After carefully evaluating several different CAPTCHA providers, including rigorous testing by our threat research team, hCaptcha surfaced as a leading solution that we would like to use.

Our decision to switch to hCaptcha is driven by several factors. First, we wanted to ensure we use the most up-to-date CAPTCHA service. We use reCAPTCHA Version 2, but because reCAPTCHA Version 3 isn’t GDPR compliant, we cannot use it. As a cybersecurity company, we prioritize compliance with global regulations to ensure the utmost security for our users. hCaptcha doesn’t rely on personal user data or historical interactions for its functionality, which aligns with our commitment to respecting user privacy. It also complies with privacy laws worldwide, including GDPR, CCPA, LGPD, PIPL, and more.

Additionally, this transition to hCaptcha addresses the market’s concerns about reCAPTCHA allowing two domains to access the same cookie data set to enable ad targeting. hCaptcha is also globally available, including in China, a region not supported by Google.

Furthermore, we were pleased with the high efficacy and continuous improvements offered by hCaptcha. Navigating multiple vendors can be challenging, requiring us to stay updated on their functions, API, and network changes. By moving to hCaptcha, we aim to streamline our processes and provide more efficient service to our users.

To conclude, this change will enhance our users’ privacy, provide us with more flexibility, and ultimately contribute to a more secure digital landscape.

When Are CAPTCHAs Being Used?

The majority of web application attacks today are automated. Preventing malicious automated traffic, commonly called “bots,” is a core capability of the Imperva Application Security Platform. However, cybersecurity is not solely about blocking all traffic. It involves differentiating between the good and the bad and, at times, challenging the uncertain. Some use cases of these automated attacks include Distributed Denial of Service (DDoS), brute force login attacks (Account Takeover), web scraping, and more. 

We invest in and prioritize challenges that are primarily automated and transparent to the legitimate human user and thus result in a seamless, frictionless experience. But CAPTCHAs are a type of challenge that does require some human intervention. While we strive to only present a CAPTCHA as a last measure in a varied set of transparent challenges, we provide our customers with complete control over how they would like to manage their security measures. This means customers can still choose to issue a CAPTCHA challenge as a security rule. 

As automated traffic becomes increasingly sophisticated, Imperva Advanced Bot Protection adds even more transparent challenges as part of its multi-layered detection approach. These significantly reduce the need to serve a CAPTCHA. In fact, on average, with Advanced Bot Protection, legitimate users will not be served a CAPTCHA on 99.999% of requests, ensuring a frictionless online experience without compromising security.

The Future of CAPTCHAs

At Imperva, we deliver top-notch cybersecurity solutions while ensuring a seamless user experience. While CAPTCHAs still play a vital role in cybersecurity, we recognize they aren’t perfect. We are committed to minimizing the number of CAPTCHAs we issue and, hopefully, eliminating them altogether. Our transition to hCaptcha is a significant step in this direction.