Self Service Password Reset has integrated support for the CAPTCHA protection. CAPTCHA prevents from automated attack. Self Service Password Reset uses the online re CAPTCHA service for CAPTCHA generation and validation. You must configure a reCAPTCHA account to use this service. Registration at the reCAPTCHA site provides a public and private key that you must configure in Self Service Password Reset for the reCAPTCHA support.
To configure the Captcha settings:
Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.
In the toolbar, click your name.
Click Configuration Editor.
Click Settings > Captcha.
Configure the following settings:
Specify the public reCAPTCHA key. Leave this field blank if you do not want to perform CAPTCHA verification.
Specify the private reCAPTCHA key. Leave this field blank if you do not want to perform CAPTCHA verification.
Select the pages that must be CAPTCHA protected. Self Service Password Reset only requires the CAPTCHA validation for the first instance of a session. If during the same session the users visit all those selected pages, then they do not have to perform the CAPTCHA validation on each page.
Specify the parameters and include the skipCaptcha key for the parameters that you want to skip the CAPTCHA request. This setting is useful for internal clients and links where CAPTCHA is not required.
For example, if “Forgotten Password” is checked, Self Service Password requires CAPTCHA validation to access the “Forgotten Password” page.
Specify the browser cookies. that you want Self Service Password Reset to skip the CAPTCHA request.
Specify the number of intruder attempts before Self Service Password Reset requires CAPTCHA. If set to 0, Self Service Password Reset ignores the intruder attempt count and it always requires CAPTCHA. Self Service Password Reset considers intruder attempts for the current session and for the source network address.
The recommended value for this setting is 0. However, determined network attackers might be able to bypass the CAPTCHA verification altogether if you use this setting.
In the toolbar, click Save changes.