Beacon uses Google's reCAPTCHA service to secure Beacon forms against attack by automated bots.
reCAPTCHA provides a mechanism that uses an advanced risk analysis engine to determine whether a form is being submitted by a real human or an automated bot. This adds a layer of protection to Beacon forms that prevents malicious form submissions.
Beacon uses reCAPTCHA in two ways to secure forms. Whenever a form is submitted the following happens:
- Beacon sends an initial request to the reCAPTCHA service to validate the form submission. This is based on how the form submitter has interacted with the page, and the information is gathered automatically while the user is on the page. If reCAPTCHA says that this looks like a human then the form is allowed to submit, if not we go to step 2...
- If reCAPTCHA is unsure about a user they will be asked to confirm that they're a real human by clicking a box and potentially performing a visual perception test (that's really hard for robots but easy for humans). If the user fails this test then the form will not submit.
Sorry, no droids allowed.