Enable CAPTCHA in password reset

Release version: Australia

Updated March 12, 2026

1 minute to read

Use the password_reset.captcha.ignore property to enable or disable requiring a CAPTCHA challenge when a user resets their password.

If the password_reset.captcha.ignore system property is not set to the recommended value of false, then a CAPTCHA challenge-response will not be used during the password reset process. CAPTCHAs help prevent automation attacks by prompting the user for a challenge-response that is not easily answered by automated systems.

Ensure that the property password_reset.captcha.ignore is set to false.

Note:

This property is used for password reset automation only.

More information


Attribute	Description
Configuration name	password_reset.captcha.ignore
Configuration type	System Properties (/sys_properties_list.do)
Data type
Recommended value	false
Default value	<none>
Fallback value	false
Category	Authentication
Security risk	Severity score: 5.6 CVSS rating: Medium Security risk details: If the CAPTCHA is disabled, an attacker may be more successful during automated attacks against the password reset feature.
Functional impact	None
Dependencies and prerequisites	None

To learn more about adding or creating a system property, see Add a system property.