How to handle a low reCAPTCHA v3 score
I implemented Captcha v3 on my site in the following areas with their appropriate Google-specified actions:
- Login
- Register
- Homepage
- Subscription Purchase
- Main "do the thing" page of the application, in other words where the magic happens.
But what should happen if I detect a low score? Meaning Google thinks the user is either spam, bot or a security risk.
I can think of these options:
- Display a message inline, i.e. "Suspicious behavior detected. Please try again later. Contact support link"
- Throw them over to a new page with a similar message and log them out.
- Ask them to verify their identity another way, i.e. email confirmation or SMS.
Has anyone learned any lessons on handling low scores and providing the best experience?
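One way to turn the options listed in the question into a per-action server-side policy, as an added example that is not part of the original post. The thresholds, action names, `decide` function and outcome labels are assumptions; the input is the parsed JSON returned by the reCAPTCHA `siteverify` endpoint, and the sample responses are constructed.

```python
from dataclasses import dataclass

# Per-action thresholds (assumed values; tune them from your own score data).
# Each entry is (allow at or above, step up at or above); anything lower is denied.
POLICY = {
    "login": (0.5, 0.3),
    "register": (0.7, 0.3),
    "homepage": (0.0, 0.0),   # never block browsing, only record the score
    "purchase": (0.7, 0.5),
}
STRICT_DEFAULT = (0.7, 0.5)   # used for any action missing from POLICY


@dataclass
class Decision:
    outcome: str  # "allow", "step_up" (email/SMS confirmation) or "deny"
    reason: str


def decide(verify: dict, expected_action: str, expected_host: str) -> Decision:
    """Map a parsed siteverify response to one of the options in the question."""
    # An expired or reused token carries no score, so ask for another proof
    # of identity instead of treating the user as a bot (assumed policy).
    if not verify.get("success"):
        codes = ",".join(verify.get("error-codes", []))
        return Decision("step_up", "token invalid: " + codes)
    # A token minted for a different action or site must not be accepted here.
    if verify.get("action") != expected_action:
        return Decision("deny", "action mismatch")
    if verify.get("hostname") != expected_host:
        return Decision("deny", "hostname mismatch")
    allow_min, step_min = POLICY.get(expected_action, STRICT_DEFAULT)
    score = float(verify.get("score", 0.0))
    if score >= allow_min:
        return Decision("allow", f"score {score}")
    if score >= step_min:
        return Decision("step_up", f"score {score} below {allow_min}")
    return Decision("deny", f"score {score} below {step_min}")


if __name__ == "__main__":
    # Constructed siteverify responses for illustration.
    samples = [
        {"success": True, "score": 0.9, "action": "login", "hostname": "example.com"},
        {"success": True, "score": 0.4, "action": "login", "hostname": "example.com"},
        {"success": False, "error-codes": ["timeout-or-duplicate"]},
    ]
    for s in samples:
        print(decide(s, "login", "example.com"))
```

Logging each `Decision.reason` alongside the action gives the data needed to adjust the thresholds later.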