[mullingitover]

If your attacker is stuck manually passing the captcha time after time, they're probably not going to bother.

The thing that worries me more is the possibility that newer AI tools are allowing attackers to beat reCAPTCHA with automation. If that's the case, a lot of folks are going to be caught with their pants down.

Edit: looks like it's more than a possibility[1].

[1] https://twitter.com/sw33tlie/status/1710409035030122731

[minitech]

The linked post isn’t reCAPTCHA, it’s just some random bad CAPTCHA that’s been easy to defeat with OCR for ages. The real fundamental flaw is that human time is cheap enough: see Amazon Mechanical Turk. Many bulk, human-powered CAPTCHA-solving services have existed for years.