I don't think it has so much to do with reCAPTCHA as much as it has to do with Cloudflare and website owners themselves. Most reCAPTCHA challenges come in the form of Cloudflare challenge passage pages. Website owners have 5 options to choose from regarding challenges:[1]
— Essentially off: Challenges only the most grievous offenders
— Low: Challenges only the most threatening visitors
— Medium: Challenges both moderate threat visitors and the most threatening visitors
— High: Challenges all visitors that have exhibited threatening behavior within the last 14 days
— I’m Under Attack!: Should only be used if your website is under a DDoS attack (Visitors will receive an interstitial page while we analyze their traffic and behavior to make sure they are a legitimate human visitor trying to access your website)
I think a lot of companies set it to "High" and forget about it, not realizing that it's ruining the experience for a lot of users.
— Essentially off: Challenges only the most grievous offenders
— Low: Challenges only the most threatening visitors
— Medium: Challenges both moderate threat visitors and the most threatening visitors
— High: Challenges all visitors that have exhibited threatening behavior within the last 14 days
— I’m Under Attack!: Should only be used if your website is under a DDoS attack (Visitors will receive an interstitial page while we analyze their traffic and behavior to make sure they are a legitimate human visitor trying to access your website)
I think a lot of companies set it to "High" and forget about it, not realizing that it's ruining the experience for a lot of users.
[1]: https://www.cloudflare.com/a/firewall/ebelinski.com#security...