Published on May 10, 2018 by Chrome

Secure, frictionless, easy to implement – choose all three! This session will cover best practices and introduce technologies (WebAuthn, One-tap Sign-up, reCAPTCHA V3) that developers can leverage to keep users’ data safe, streamline users’ onboarding experience, and prevent creation of fake accounts.

Watch more Chrome and Web sessions from I/O ’18 here → goo.gl/5fgXhX
See all the sessions from Google I/O ’18 here → goo.gl/q1Tr8x

Subscribe to the Chrome Developers channel → goo.gl/LLLNvf

#io18

Leave a Reply

18 Comments on "What’s new with sign up and sign in on the web (Google I/O ’18)"

Notify of
avatar

zhang olve
Guest
zhang olve
1 month 1 day ago

Not work on china

Nathaniel Rowe
Guest
Nathaniel Rowe
1 month 10 days ago

Does reCAPTCHA V3 stop GOOGLE from crawling your site?

Nathaniel Rowe
Guest
Nathaniel Rowe
1 month 7 days ago
Pascal, On initial 40 second research it seems that reCAPTCHA does not have a direct contact method.(//Pascal, seems you have 2 replies that say the same thing. do you want to delete one of them/ everything in brackets will be deleted once a deletion of your replies has occurred)I will spend a few more minutes on this challenge but i have had a really bad day (//last 2 months have been hell too but ill try to stay sane) so i might not reply quickly but i would like the support of you Eiji and MIKCA in questions of more… Read more »
Pascal S
Guest
Pascal S
1 month 8 days ago

The short and sweet answer to the question is that reCaptcha can be used to stop google crawling your website using the techniques in V3 if the user would like to. However, it can also be used to try and distinguish the non-harmful crawlers with harmful bots.

Pascal S
Guest
Pascal S
1 month 8 days ago

I think the short and sweet answer to the question is that reCaptcha can be used to stop google crawling your website using the techniques in V3 if the user would like to. However, it can also be used to try and distinguish the non-harmful crawlers with harmful bots.

Nathaniel Rowe
Guest
Nathaniel Rowe
1 month 8 days ago

Pascal I hear you, It is great to have control but I believe the question still remains unanswered. Maybe someone should contact reCAPCHA. Anyone up for the challenge?

Pascal S
Guest
Pascal S
1 month 8 days ago

I think the idea of the recaptcha V3 approach is to give the user the opportunity to distinguish what level of bot behaviour they are comfortable with having on their site. Despite the product being created by Google if they are scraping the internet they are still displaying bot-like behaviours that the system would pick up on and attribute a score to. It is then the user who can decide if this is acceptable or not.

Nathaniel Rowe
Guest
Nathaniel Rowe
1 month 9 days ago

Who did you converse with? reCAPTCHA is run by GOOGLE isn't it?
Let us be clear here.
If GOOGLE is the underlying engine that runs reCAPTCHA then how/why could the engine deny access to itself?
What do you think?

Eiji Kitamura
Guest
Eiji Kitamura
1 month 9 days ago

Google isn't whitelisted. It's up to the engine how it treats specific bots.

Eiji Kitamura
Guest
Eiji Kitamura
1 month 10 days ago

That's a good point. Let me ask engineering team how Google bots are treated. It might be a sensitive question to answer for them though.

Nathaniel Rowe
Guest
Nathaniel Rowe
1 month 10 days ago

Eiji, I'm pleased with your contributions but for a minute take a step back and have a look at the real question here. The response to the original question is likely to be NO. reCAPTCHA's primary use is to stop malicious actions on a site. GOOGLE would most likely be white listed don't you think?

Eiji Kitamura
Guest
Eiji Kitamura
1 month 10 days ago

You can "throttle query to prevent scraping" so reCAPTCHA should be able to return low scores for Google bots.

Nathaniel Rowe
Guest
Nathaniel Rowe
1 month 13 days ago

Thanks MIKCA Web Solutions, an edit to the question has been made to clarify the concern.

MIKCA Web Solutions
Guest
MIKCA Web Solutions
1 month 13 days ago

GoogleBots don't usually index password protected areas. Hope this helps!

bmx666bmx666
Guest
bmx666bmx666
1 month 11 days ago

WebAuthn has a lot of vulnerabilities. If evil software generates always one private key for all users then bad people's life will be much easy.

Eiji Kitamura
Guest
Eiji Kitamura
1 month 10 days ago

Authenticators are designed in a way such attack is not possible. Especially FIDO certified ones.fidoalliance.org/certification/

Alex Berg
Guest
Alex Berg
1 month 13 days ago

Finally a password-less auth system which makes sense! Looks like it's not tied to a single id provider.

Denis TRUFFAUT
Guest
Denis TRUFFAUT
1 month 13 days ago

Great video !

wpDiscuz