
Hello,

I have implemented reCAPTCHA Enterprise with the score-based assessment on a register page. At first on a test website.

Now I wonder what would be a non-fraudulent score. If I use my email address I get a score of 0.89.
Would it be ok if I assess all scores >= 0.7 as non-fraudulent? What would be a good starting point as a minimum score?

I could log the scores and then compare the values over time. So I might be able to see what a good minimum score is.

On the reCAPTCHA Enterprise website it states:
"With low scores, require MFA or email verification to prevent credential stuffing attacks."
Where could I set up MFA or email verification? Is there documentation about it?

Thank you for any recommendations.

 

Hi @Genaro,

You can set up MFA for your work email in Google admin using Workspace. 

Your methodology on tracking the scores for reCAPTCHA seems reasonable. These days, a minimum score of 0.3 would help me sleep better at night! 

I also suggest monitoring vulnerabilities using the "Security Command Center" and "Risk Manager" features in Google Cloud console. You can generate advisory notifications for specific security metrics you want to track. This might help you determine and adjust the minimum score in the short and long run. 

Good luck!


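The approach discussed in this thread (log the scores, pick a minimum, send low scores to email verification), sketched as an added example that is not part of either post or of Google's documentation. The field names `tokenProperties` and `riskAnalysis` follow the reCAPTCHA Enterprise assessment response; the function names, the `register` action name and the 0.7 threshold are assumptions, and the sample data is constructed.

```python
# Added example; names and thresholds are assumptions, sample data is constructed.
ALLOW_MIN = 0.7               # assumption: starting threshold proposed in the question
EXPECTED_ACTION = "register"  # hypothetical action name passed when the token is created


def decide(assessment, allow_min=ALLOW_MIN, expected_action=EXPECTED_ACTION):
    """Map one assessment to 'allow', 'verify_email' or 'reject'."""
    props = assessment.get("tokenProperties", {})
    # An invalid token, or one issued for a different action, carries no usable score.
    if not props.get("valid") or props.get("action") != expected_action:
        return "reject"
    score = assessment.get("riskAnalysis", {}).get("score")
    if score is None or score < allow_min:
        # Low or missing score: step up to email verification instead of
        # creating the account directly.
        return "verify_email"
    return "allow"


def step_up_rate(logged_scores, candidates=(0.3, 0.5, 0.7, 0.9)):
    """For each candidate threshold, the fraction of logged sign-ups that
    would have been sent to email verification."""
    total = len(logged_scores)
    if total == 0:
        return {c: 0.0 for c in candidates}
    return {c: sum(s < c for s in logged_scores) / total for c in candidates}


# Constructed sample: assessments shaped like the reCAPTCHA Enterprise response.
SAMPLE = [
    {"tokenProperties": {"valid": True, "action": "register"},
     "riskAnalysis": {"score": 0.9}},
    {"tokenProperties": {"valid": True, "action": "register"},
     "riskAnalysis": {"score": 0.3}},
    {"tokenProperties": {"valid": True, "action": "login"},
     "riskAnalysis": {"score": 0.9}},
    {"tokenProperties": {"valid": False, "invalidReason": "EXPIRED"},
     "riskAnalysis": {"score": 0.0}},
]
LOGGED = [0.9, 0.9, 0.7, 0.3, 0.1, 0.5, 0.9, 0.7]  # constructed score log

if __name__ == "__main__":
    for a in SAMPLE:
        print(decide(a))
    print(step_up_rate(LOGGED))
```

reCAPTCHA Enterprise only returns the assessment; sending the verification email for the `verify_email` outcome is the registration handler's job.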