reForge Captcha

A premium captcha alternative with bot detection and analytics. Operated on reforgecaptcha.cloud from 2025.

reForge Captcha was a premium captcha service designed as an alternative to dominant solutions such as Google's reCAPTCHA and hCaptcha. It operated on reforgecaptcha.cloud, which is no longer active. The product was built in Q4 2025 and retired the same year.

Background

Captcha systems sit at the boundary between user experience and security. Existing solutions at the time had well-documented friction problems — audio challenges that were often unintelligible, image challenges that degraded in quality, and an increasing reliance on tracking cookies to reduce challenge frequency. reForge Captcha was built to provide effective bot detection with less reliance on cross-site tracking and with better controls for developers integrating it.

Challenge types

reForge Captcha offered four challenge types to accommodate different security requirements and user experience tolerances.

Checkbox

The checkbox challenge presented a single checkbox to the user. Clicking it triggered a background analysis of the interaction — mouse movement trajectory, click timing, hover duration, and other behavioural signals. If the signals were consistent with human behaviour, the challenge passed immediately with no additional steps.

This type was designed for low-friction situations where a fast, unintrusive check was sufficient.

Invisible

The invisible challenge required no user interaction at all. Instead, it ran behavioural analysis passively throughout the session — tracking how the user moved through the page, the timing and pattern of their interactions, and device fingerprint signals. A risk score was computed from these signals.

If the risk score was below the configured threshold, the form submission proceeded without the user ever seeing a challenge. Only sessions that exceeded the risk threshold were escalated to a secondary challenge.

Managed

The managed challenge type made the challenge selection decision automatically. Rather than fixing the challenge type at integration time, reForge Captcha assessed each session in real time and served the least intrusive challenge type consistent with the computed risk level.

Low-risk sessions passed invisibly. Moderate-risk sessions received a checkbox. High-risk sessions received an image challenge.

Image

The image challenge presented a grid of images and required the user to select those matching a category — a standard visual challenge format. This was intended for the highest-risk interactions, where the additional friction was considered acceptable given the security requirements.

Bot detection and blocking

Detected bot sessions were blocked before the protected action could be completed. The blocking decision was made automatically without manual review. The detection logic combined:

Behavioural signals from the challenge interaction
Device and browser fingerprint analysis
Request timing patterns
Known bot fingerprints and user agent signatures

Analytics dashboard

The dashboard provided operators with visibility into traffic patterns and challenge performance:

Total challenge attempts, completions, and failures by time period
Bot block rates and blocked session volume
Challenge type distribution (how often each type was served)
Traffic source breakdown by country and device type
Pass and fail rates per integration point

Integration

reForge Captcha integrated via a JavaScript snippet placed on protected pages and a server-side API call to verify the challenge token before processing the protected action. The verification step was server-side to prevent token replay attacks.

Status

reForge Captcha is permanently offline. The domain reforgecaptcha.cloud is no longer active.