This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Webinar May 14th: Gemini's generative AI within Google SecOps
Webinar May 29th: Log Ingestion: Bindplane + Google SecOps
Log in to ask a question

Root Cause Analysis on reCAPTCHA Token Invalidation

Posted on 01-14-2025 11:10 AM
GuigoTruck
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

I recently encountered an issue where some of our systems unexpectedly became unavailable. After investigating, we found that the reCAPTCHA token used in our applications had suddenly become invalid.

We didnโ€™t deactivate the token ourselves and didnโ€™t receive any notification from Google about its deactivation. Has anyone else faced a similar situation? Iโ€™d love to hear your insights or suggestions on where to start investigating this kind of issue.
Iโ€™m also a bit concerned that this might happen again in the future, so any advice on how to prevent it would be greatly appreciated.

Thanks in advance for your help!

0 4 317
Topic Labels
0 Likes
4 REPLIES 4

Posted on --/--/---- --:-- AM
amitair
Staff
Reply posted on --/--/---- --:-- AM

 In some cases where a production key hasn't been used in a very long time (several months), it will be removed. Is this the case you're seeing or was this key being actively used?

Thanks,
Amitai Rottem, reCAPTCHA Product Manager

Posted on --/--/---- --:-- AM
GuigoTruck
Bronze 2
Bronze 2
In response to amitair
Reply posted on --/--/---- --:-- AM

I appreciate your answer, @amitair. thank you!
Actually, we use those keys frequently in our applications, with over 5K accesses per day.

Posted on --/--/---- --:-- AM
mattbolton
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

We have recreated the recaptcha keys for one of our sites for the second time in 4 weeks today. Works for thousands of visitors everyday until suddenly it doesn't. We have not had a response from Google on the support ticket in 4 weeks either.

0 Likes

Posted on --/--/---- --:-- AM
GuigoTruck
Bronze 2
Bronze 2
In response to mattbolton
Reply posted on --/--/---- --:-- AM

It's very frustrating, @mattbolton. We are planning to move to hCaptcha or other solution because reCAPTCHA Enterprise is too much expensive and we are not sure that Enterprise will protect us of this kind of expiration/invalidation of tokens without notification.

0 Likes