I review my Cloudflare firewall rules infrequently – maybe every couple of years – so I didn’t notice immediately when early in 2022 CF retired their CAPTCHA (thus ending the Cloudflare CAPTCHA Kerfuffle – oh well, it was fun while it lasted) and deprecated their JavaScript Challenge in favor of their new, more advanced Managed Challenge.
According to CF – “Managed challenges are where Cloudflare dynamically chooses the appropriate type of challenge based on the characteristics of a request” – reducing the need to subject users to CAPTCHAs by 90%.
So how is CF Managed Challenge different from Google’s invisible reCAPTCHA? Is it better? Worse? Not sure, I can find no direct comparison of the two. They seem very similar to me. For me, CF Managed Challenge is easier to implement. In a high-security situation I would use one or the other in addition to other precautions, or maybe 2FA (although I’m not a huge fan of 2FA – I worry too much about losing my phone, like accidentally dropping it off the vertical side of Yosemite’s Half Dome, which I’ve done).
What about Turnstile, CF’s other CAPTCHA replacement? I don’t see the point of Turnstile, at least for now.
