dev-love left a comment
Thank you for creating these use case drafts. I think this is a great starting point for the expansion of our Developer Hub.
|
|
||
| [Risk Intelligence](https://developer.friendlycaptcha.com/docs/v2/risk-intelligence/) is a product that allows you to implement risk-based authentication in a matter of hours instead of weeks. | ||
|
|
||
| Friendly Captcha assess the visitor, sharing risk scores and information about the browsing session with your backend, so you can make informed decisions about how to handle requests. |
| Friendly Captcha assess the visitor, sharing risk scores and information about the browsing session with your backend, so you can make informed decisions about how to handle requests. | |
| Friendly Captcha assesses the visitor, sharing risk scores and information about the browsing session with your backend, so you can make informed decisions about how to handle requests. |
|
|
||
| You could for example have a policy where you require MFA for requests that have a high risk score, but allow requests with a low risk score to proceed without additional verification. | ||
|
|
||
| Alternatively you can store information about the user's previous browsing sessions, and if a request comes in that deviates significantly from the user's normal behavior (e.g. a login attempt from a new device or location), you can require additional verification for that request. |
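Review bot: The MFA policy sentence ("require MFA for requests that have a high risk score") leaves "high" and "low" undefined and does not say what the backend should do when no risk assessment is available for a request. Suggest linking to where the score scale is documented and stating a default for the missing-score case, for example treating it like a high score and requiring MFA. "For example" in that sentence should also be set off with commas.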
That sounds interesting. Perhaps this anomaly detection approach deserves its own sub-section and/or an additional short explanation.
| </p> | ||
|
|
||
| ## Passive monitoring for account takeover | ||
| Even if you don't want to implement risk-based authentication, you can still use Risk Intelligence for passive monitoring of account takeover attempts. By logging signals associated with critical user interactions, you can analyze patterns of behavior and identify potential security threats. For example, you might notice a spike in high-risk scores from a particular network, geographic region or device type, which could indicate a coordinated attack. You can feed this data into your SIEM (Security Information Event Management) system to correlate it with other security events. |
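Review bot: In the passive-monitoring paragraph, SIEM is expanded as "Security Information Event Management"; the term is "Security Information and Event Management". The `</p>` at the top of this hunk also has no opening `<p>` in the visible lines, so check that it is matched or remove it.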
Data integration into SIEM systems has already been specifically requested by our first enterprise customers. So it’s an exciting opportunity to write a tutorial in the future and link to it from here.
| For example, you might choose to block requests that have a high risk score, you may rate limit them more aggressively, or you might require additional verification for those requests. This way, you can protect your APIs from abuse while still allowing legitimate users to access your services. | ||
|
|
||
| ## What about machine-to-machine communication? | ||
| Friendly Captcha's Risk Intelligence is designed to protect APIs that are accessed by users, not machine-to-machine (M2M) communication. Outside of requiring authentication, assessing risk based on the IP address of the request is a common way to protect M2M communication. |
| Friendly Captcha's Risk Intelligence is designed to protect APIs that are accessed by users, not machine-to-machine (M2M) communication. Outside of requiring authentication, assessing risk based on the IP address of the request is a common way to protect M2M communication. | |
| Friendly Captcha's Risk Intelligence is designed to protect APIs that are accessed by users. | |
| You can assess the risk of machine-to-machine (M2M) communication based on the IP address of the request. |
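Review bot: The suggested wording drops "Outside of requiring authentication", so the section would name IP-based risk assessment as the only protection for M2M traffic. Suggest keeping authentication in the sentence, e.g. "Outside of requiring authentication, you can assess the risk of machine-to-machine (M2M) communication based on the IP address of the request."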
| ## What about human attackers? | ||
| While Friendly Captcha is effective at blocking automated bots, it may not be able to prevent fake accounts that are created by human attackers. While these users may be slowed down by the challenge, they can still potentially create fake accounts. | ||
|
|
||
| To flag these accounts for review you can use our [Risk Intelligence](https://developer.friendlycaptcha.com/docs/v2/risk-intelligence/) product, which provides you with risk scores and signals about the browsing session. This can help you identify potentially malicious users and take additional actions against them, such as flagging their accounts for review or requiring additional verification for their accounts. You can enrich the account creation process with the signals provided by Risk Intelligence, such as the user's IP address, device information, and behavior patterns, to make informed decisions about whether to allow the account creation or to flag it for review. |
| To flag these accounts for review you can use our [Risk Intelligence](https://developer.friendlycaptcha.com/docs/v2/risk-intelligence/) product, which provides you with risk scores and signals about the browsing session. This can help you identify potentially malicious users and take additional actions against them, such as flagging their accounts for review or requiring additional verification for their accounts. You can enrich the account creation process with the signals provided by Risk Intelligence, such as the user's IP address, device information, and behavior patterns, to make informed decisions about whether to allow the account creation or to flag it for review. | |
| To prevent such fake accounts, you can use our [Risk Intelligence](https://developer.friendlycaptcha.com/docs/v2/risk-intelligence/) product, which provides you with risk scores and signals about the browsing session. This can help you identify potentially malicious users and take additional actions against them, such as flagging their accounts for review or requiring additional verification for their accounts. You can enrich the account creation process with the signals provided by Risk Intelligence, such as the user's IP address, device information, and behavior patterns, to make informed decisions about whether to allow account creation, implement additional security checks, and monitor suspicious accounts. |
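Review bot: The suggested opening "To prevent such fake accounts" conflicts with the preceding paragraph, which says Friendly Captcha "may not be able to prevent fake accounts that are created by human attackers", and with the rest of the sentence, which describes risk scores and signals used for flagging and review. Suggest keeping the original "To flag these accounts for review", or wording it as "To detect and review such accounts".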
|
|
||
| Friendly Captcha can help protect against payment fraud in two ways: | ||
| 1. The Friendly Captcha widget can be integrated into your payment forms to add an additional layer of security. When a user interacts with the form, Friendly Captcha assesses the visitor and gathers signals from their browsing session. If it detects suspicious activity that is indicative of a bot, it will require the user's device to solve a computationally expensive challenge. This makes it more difficult and costly for attackers to carry out automated attacks on your payment forms, while still allowing legitimate users to access your services without friction. | ||
| 2. You can use our [Risk Intelligence](https://developer.friendlycaptcha.com/docs/v2/risk-intelligence/) product to feed our risk scores and signals into your existing fraud detection systems. This can help you identify potentially fraudulent transactions and take additional actions against them, such as flagging them for review or requiring additional verification for those transactions. |
In a future version, we could expand on this or add a tutorial.
|
|
||
| Spam is a common problem for websites and apps that allow user-generated content or have a public-facing form. Spammers can use automated bots to flood your site with unwanted content, which can degrade the user experience, damage your reputation, and even lead to security issues. | ||
|
|
||
| Friendly Captcha helps protect your site from spam by adding a layer of security that can distinguish between legitimate users and malicious (automated) actors. This makes it more difficult and costly for spammers to abuse your site, while allowing legitimate users to access your services without friction. |
Does it make sense here to rather highlight our computational challenge/PoW approach?
Adds a page describing the following (and how Friendly Captcha can help):