Intermittent login failures on first attempt with reCAPTCHA v3 enabled in Commerce
Intermittent login failures occur on the first attempt when reCAPTCHA v3 is enabled on the customer login form in Adobe Commerce. Valid credentials are rejected initially but succeed upon retry. To resolve the issue, lower the reCAPTCHA score threshold value.
Description description
Environment
- Product: Adobe Commerce
- Constraint: reCAPTCHA v3 enabled on customer login form
Issue/Symptoms
- Login attempts using correct credentials are intermittently rejected on the first try, but succeed on retry without any password changes.
- The issue occurs when reCAPTCHA v3 is enabled, which runs silently without displaying any challenge widget on the login form.
- The system treats valid login attempts as suspicious, leading to inconsistent authentication behavior.
- The behavior appears sporadically and is associated with reCAPTCHA score evaluation or token validation during the initial login attempt.
Resolution resolution
Follow these steps to adjust the reCAPTCHA configuration and improve login success rates:
- Navigate to Admin
>Stores>Configuration>Security>Google reCAPTCHA Storefront>reCAPTCHA v3 Invisible in Adobe Commerce. - Locate the Minimum Score Threshold setting and review its current value.
- Reduce the threshold value from 0.5 to 0.4 to allow more legitimate login attempts to pass validation.
- Save the configuration changes and apply the updated settings.
- Monitor login attempts to confirm that authentication succeeds consistently after the adjustment.
- If the issue continues, temporarily disable reCAPTCHA v3 on the customer login form to validate the behavior without reCAPTCHA.
Note: Lowering the score threshold increases exposure to automated bot activity, so closely monitor for increased bot activity, including credential stuffing or brute-force attempts when adjusting or temporarily disabling reCAPTCHA.
3d58f420-19b5-47a0-a122-5c9dab55ec7f