| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|---|
| recaptcha_enterprise | ReCAPTCHA Enterprise | protect | partial | T1078.004 | Cloud Accounts |
Comments
ReCAPTCHA Enterprise allows users to configure Multifactor Authentication (MFA) to verify user's identity by sending a verification code by email or SMS (known as an MFA challenge). When ReCAPTCHA Enterprise assesses that user activity to exceeds a predetermined threshold (by the developer), it can trigger an MFA challenge to verify the user. This increases the likelihood that a compromised account will be prevented from impacting the system.
Since ReCAPTCHA Enterprise does not require a MFA challenge for all user activity, it has been given a rating of Partial.
References
|
| recaptcha_enterprise | ReCAPTCHA Enterprise | detect | significant | T1110.004 | Credential Stuffing |
Comments
Password Checkup extension for Chrome displays a warning whenever a user signs in to a site using one of over 4 billion usernames and passwords that Google knows to be unsafe due to a third-party data breach. With reCAPTCHA Enterprise, you can identify credential stuffing attacks by utilizing Password Checkup to detect password leaks and breached credentials. Developers can factor this information into their score calculation for score-based site keys to help identify suspicious activity and take appropriate action.
References
|
| recaptcha_enterprise | ReCAPTCHA Enterprise | protect | partial | T1136.003 | Cloud Account |
Comments
ReCAPTCHA Enterprise can implement a number of mitigations to prevent the automated creation of multiple accounts such as adding checkbox challenges on pages where end users need to enter their credentials and assessing user activity for potential misuses on all pages where accounts are created.
Since this control doesn't prevent the manual creation of accounts, it has been given a rating of Partial.
References
|