8.3 Configuring CAPTCHA

Self Service Password Reset has integrated support for CAPTCHA protection. CAPTCHA protects against automated attacks. Self Service Password Reset uses the online reCAPTCHA service for CAPTCHA generation and validation. You must configure a reCAPTCHA account to use this service. Registration at the reCAPTCHA site provides a public key and a private key that you must configure in Self Service Password Reset for reCAPTCHA support.

To configure the CAPTCHA settings:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Click Settings > Captcha.

  5. Configure the following settings:

    reCAPTCHA Public Key

    Specify the public reCAPTCHA key. Leave this field blank if you do not want to perform CAPTCHA verification.

    reCAPTCHA Private Key

    Specify the private reCAPTCHA key. Leave this field blank if you do not want to perform CAPTCHA verification.

    CAPTCHA Protected Pages

    Select the pages that must be CAPTCHA protected. Self Service Password Reset requires the CAPTCHA validation only for the first instance of a session. If users visit all of the selected pages during the same session, they do not have to perform the CAPTCHA validation on each page.

    For example, if “Forgotten Password” is checked, Self Service Password Reset requires CAPTCHA validation to access the “Forgotten Password” page.

    Captcha Skip Parameter Value

    Specify the parameter value that, when a request includes it with the skipCaptcha key, causes Self Service Password Reset to skip the CAPTCHA request. This setting is useful for internal clients and links where CAPTCHA is not required.

    Captcha Skip Cookie

    Specify the browser cookies for which you want Self Service Password Reset to skip the CAPTCHA request.

    Captcha Intruder Attempt Trigger

    Specify the number of intruder attempts before Self Service Password Reset requires CAPTCHA. If set to 0, Self Service Password Reset ignores the intruder attempt count and always requires CAPTCHA. Self Service Password Reset considers intruder attempts for the current session and for the source network address.

    The recommended value for this setting is 0. If you set a non-zero value, determined network attackers might be able to bypass the CAPTCHA verification altogether.

  6. In the toolbar, click Save changes.
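
An added example, not part of the product documentation or SSPR's own code: a small Python check that reviews the settings from step 5 against the guidance above. The dictionary keys, the sample values, and the length thresholds for the skip value are assumptions made for illustration; SSPR's real setting identifiers and export format are not shown on this page.

```python
# Added example. Keys such as "intruder_attempt_trigger" are hypothetical
# names for the settings in step 5, not SSPR's real setting identifiers.

def audit_captcha_settings(cfg):
    """Return a list of (severity, message) findings for one settings dict."""
    findings = []
    public = (cfg.get("recaptcha_public_key") or "").strip()
    private = (cfg.get("recaptcha_private_key") or "").strip()
    if not public and not private:
        # Blank keys mean CAPTCHA verification is not performed at all.
        return [("high", "both reCAPTCHA keys are blank: CAPTCHA is disabled")]
    if bool(public) != bool(private):
        findings.append(("high", "only one reCAPTCHA key is set"))
    if not cfg.get("protected_pages"):
        findings.append(("high", "no CAPTCHA Protected Pages selected"))
    trigger = int(cfg.get("intruder_attempt_trigger") or 0)
    if trigger != 0:
        findings.append(("medium",
                         f"Intruder Attempt Trigger is {trigger}; recommended value is 0"))
    skip_value = cfg.get("skip_parameter_value") or ""
    if skip_value:
        # Any request carrying this value skips CAPTCHA, so it works like a
        # shared secret. The 16/8 thresholds are assumptions, not SSPR rules.
        if len(skip_value) < 16 or len(set(skip_value)) < 8:
            findings.append(("medium",
                             "Captcha Skip Parameter Value is short or low-variety"))
        else:
            findings.append(("info",
                             "Captcha Skip Parameter Value is set; limit who knows it"))
    if cfg.get("skip_cookie"):
        findings.append(("info", "Captcha Skip Cookie is set; confirm it is still needed"))
    return findings

# Constructed sample settings (placeholder keys, not real reCAPTCHA keys).
HARDENED = {"recaptcha_public_key": "PUBLIC-KEY-PLACEHOLDER",
            "recaptcha_private_key": "PRIVATE-KEY-PLACEHOLDER",
            "protected_pages": ["Forgotten Password"],
            "intruder_attempt_trigger": 0,
            "skip_parameter_value": "", "skip_cookie": ""}
WEAK = dict(HARDENED, intruder_attempt_trigger=3, skip_parameter_value="skip1")

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_captcha_settings(cfg) or "no findings")
```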