Add Bot Detection to Passwordless Flows
If you use passwordless login and signup flows, you can enable Bot Detection to render a CAPTCHA step in scenarios when a request is determined to be high-risk by Auth0.
If you are using the Lock SDK with the Classic Login experience, you must update to version 11.35.0 or higher to use Bot Detection for passwordless flows.
If you are using the Auth0.js SDK, you must update to version 9.20.0 or higher to use Bot Detection for passwordless flows.
Configure Bot Detection for passwordless flows
You can use the Auth0 Dashboard to configure the behavior of the CAPTCHA feature.
In the Auth0 Dashboard, go to Security > Attack Protection > Bot Detection.
Locate the Response section.
For the Enforce CAPTCHA for passwordless flows setting, select when to require CAPTCHA:
Never: Users are not required to complete a CAPTCHA to log in.
When Risky: Users are required to complete a CAPTCHA if the login is high risk.
Always: Users are always required to complete a CAPTCHA to log in.
Configure Bot Detection for custom login pages
If you are using custom login pages and would like to configure Bot Detection, please read Add Bot Detection to Custom Login Pages.