Hi, i have noticed that Twitter and Facebook both have a good system in place on some of their forms.
For example, if a user fails to enter their correct details in to the Sign In Form 3-4 times, a reCaptcha shows.
I also noticed that the reCaptcha shows on the Sign Up Form after it detects suspicious activity...
Can anyone think how they might have implemented this system, as i really don't want to display a reCaptcha form my default... i would rather only display it if there was suspicious activity.
(please do not respond saying that captchas are a waste of time etc... i am simply only interested in finding out how Twitter and Facebook are implementing captchas when they detect something suspicious :-)