Zum Inhalt springen
ALTCHA ALTCHA ALTCHA

Dieser Inhalt ist noch nicht in deiner Sprache verfügbar.

Adaptive Captcha

ALTCHA Sentinel includes a feature called Adaptive Captcha that enables frictionless verification for legitimate users while enforcing a code challenge for high-risk users or those who have misbehaved recently.

Feature Highlights

  • Provides frictionless verification for legitimate users with additional checks for flagged users
  • Implements code challenges as an additional obstacle for bots and suspicious users
  • Offers accessible, WCAG and EAA-compliant audio playback options for assistive technologies
  • Automatically managed by Autopilot

Frictionless Captcha

Legitimate users are presented with a simple proof-of-work-based captcha that works seamlessly in the background, eliminating visual puzzles and disruptive challenges. This approach balances security with accessibility, providing an unobtrusive captcha solution.

Code Challenge

Flagged users are presented with a code challenge, requiring active interaction to verify legitimacy. Unlike the frictionless captcha, this introduces a deliberate step for suspicious traffic, strengthening security while filtering out automated abuse.

Note: This is a demonstration showing only the user interface without full functionality.

How Adaptive Captcha Works

Adaptive Captcha evaluates multiple server-side signals on every verification request. These signals form a combined risk score, and if the score crosses a threshold, Sentinel requires the user to complete an additional code challenge. This ensures legitimate users pass seamlessly while automated or suspicious traffic is filtered out.

Sentinel does not rely on browser fingerprinting or invasive client-side tracking. Instead, it uses strictly server-side, privacy-preserving detection techniques that focus on usage patterns, not who the user is. Learn more about Anonymization and Privacy Protection, and GDPR compliance.

Evaluated Factors

  • Automated clients (bots, crawlers, AI agents)
    Bots typically exhibit usage patterns that differ significantly from real users — such as abnormal request timing, parallelised form submissions, malformed payloads, or missing browser characteristics. Sentinel analyses these patterns, along with protocol anomalies and known automated client signatures, to detect non-human traffic.

  • Suspicious or malicious networks
    Sentinel maintains an up-to-date local database of high-risk IPs, including TOR exit nodes, abuse lists, botnet ranges, and cloud hosts frequently used for automated scripts. Access from these networks automatically increases the risk score. Learn more about automated Threat Intelligence.

  • High-risk geographic regions
    Requests from high-risk locations with historically high volumes of automated abuse may receive higher scrutiny. This behaviour is fully configurable and can be disabled based on compliance requirements.

  • Non-standard or incomplete browser requests
    Requests that lack typical browser headers or contain unusual header combinations are often generated by scripts or automated tools. These inconsistencies increase the risk score.

  • User penalties
    Sentinel applies temporary penalties for suspicious activity such as exceeded rate limits, repeated failed challenges, malformed requests, or excessive frequency. Because bots often repeat the same operations quickly and predictably, these penalties help identify and throttle automated misuse. Accumulated penalties may trigger Adaptive Captcha or increased proof-of-work difficulty.

  • Server load conditions
    During high-traffic periods or when the server is under stress, Sentinel can automatically tighten challenge thresholds to maintain stability and mitigate coordinated attacks.

Accessibility

To maintain compliance with EAA 2025 and accessibility with assistive technologies such as screen readers, audio playback of the challenge code is available. The audio supports multiple languages to accommodate users worldwide.

Supported Languages

Since the code is always generated using only the Latin alphabet, some languages are not supported, and the audio challenge defaults to English instead.

The audio challenge supports the following languages:

  • Afrikaans (af)
  • Bosnian (bs)
  • Czech (cs)
  • Croatian (hr)
  • Danish (da)
  • Dutch (nl)
  • English (en)
  • Estonian (et)
  • Finnish (fi)
  • French (fr)
  • German (de)
  • Hungarian (hu)
  • Icelandic (is)
  • Indonesian (id)
  • Irish (ga)
  • Italian (it)
  • Latvian (lv)
  • Lithuanian (lt)
  • Maltese (mt)
  • Norwegian Bokmål (nb)
  • Polish (pl)
  • Portuguese (pt)
  • Romanian (ro)
  • Serbian (sr)
  • Slovak (sk)
  • Slovenian (sl)
  • Spanish (es)
  • Swedish (sv)
  • Turkish (tr)
  • Vietnamese (vi)

Enabling Adaptive Captcha

You can configure Adaptive Captcha settings in each Security Group within Sentinel.

There are two ways to enable Adaptive Captcha:

  1. Autopilot: When enabled, this feature automatically manages adaptive captcha as needed
  2. Manual configuration: If not using Autopilot:
    • Enable the Code Challenge feature
    • Activate Adaptive Mode