Narrative

ReCAPTCHA is a free service from Google that helps protect websites from spam and abuse by asking users to complete a simple test that proves they are human and not a computer system or a tool trying to break into a password protected account.

Currently, Keycloak only supports ReCaptcha just for the registration pages, not for any other pages (like the password-reset page).

Value Proposition

• Protection against online account takeovers and fraudulent users.
• reCAPTCHA safeguards online systems and applications by detecting and protecting against account takeovers, blocking credential stuffing attacks and fake account creation, with zero user friction.

Acceptance Criteria

• ensure a proper support is added for a captcha on the password reset page
• test and validate with Google reCaptcha on the Keycloak password reset page

Implementation Notes

• need to make captcha a generic thing first; with Google reCaptcha being one available provider.