Root Cause Analysis on reCAPTCHA Token Invalidation

I recently encountered an issue where some of our systems unexpectedly became unavailable. After investigating, we found that the reCAPTCHA token used in our applications had suddenly become invalid.

We didn’t deactivate the token ourselves and didn’t receive any notification from Google about its deactivation. Has anyone else faced a similar situation? I’d love to hear your insights or suggestions on where to start investigating this kind of issue.
I’m also a bit concerned that this might happen again in the future, so any advice on how to prevent it would be greatly appreciated.

Thanks in advance for your help!

Page 1 / 1

In some cases where a production key hasn't been used in a very long time (several months), it will be removed. Is this the case you're seeing or was this key being actively used?

Thanks,
Amitai Rottem, reCAPTCHA Product Manager

I appreciate your answer, @amitair. thank you!
Actually, we use those keys frequently in our applications, with over 5K accesses per day.

We have recreated the recaptcha keys for one of our sites for the second time in 4 weeks today. Works for thousands of visitors everyday until suddenly it doesn't. We have not had a response from Google on the support ticket in 4 weeks either.

It's very frustrating, @mattbolton. We are planning to move to hCaptcha or other solution because reCAPTCHA Enterprise is too much expensive and we are not sure that Enterprise will protect us of this kind of expiration/invalidation of tokens without notification.

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded