Different Bot Detection Logic For Login And Signup Flows

This article explains why a CAPTCHA challenge may appear on a signup page but not on a login page, or vice-versa, when bot detection is configured to activate only when a risk is detected.

• Bot Detection
• Login
• Signup

The requiresVerification and requiresVerificationForSignupFlow fields within the Pre Login Assessment event can have different boolean values, indicating that the risk assessment for each flow can produce a different result, independent of the other.

A machine learning (ML) model, specific to detecting signup and fake account creation attacks, runs during the signup process. This model is different from the one used for the login flow, which can result in different risk assessments for the two actions.

Consequently, one flow may be flagged as requiring verification while the other is not, leading to varied CAPTCHA challenge behavior. For more information, review the Changelog for September 5, 2024.