Oct 22, 2025
TL;DR
Passport Embed is a lightweight React component that lets users prove humanity directly inside any app or website, without redirects or pop-ups.
It runs on the same backend that’s verified millions of users across 150+ campaigns and 120+ partners, combining onchain activity and modular Stamps to assess whether a user is real and unique.
All verifications are privacy-preserving, and projects can choose verification depth — from light checks to full compliance with Proof of Clean Hands or Biometric options, which use zero-knowledge proofs.
Developers can install it in a few lines of code, decide when to trigger checks, and match the interface to their product.
Expected result: lower friction, higher conversion, and a more human, bot-resistant internet. Start using Embed →
Today, more than 50% of the internet traffic consists of bots, according to Imperva’s 2025 Bad Bot report. More than ever, we need a way to distinguish humans from bots – for fairer rewards, accurate analytics, trustworthy governance, safer communities, meaningful AI feedback, and countless other use cases.
Yet, most personhood verification systems remain clunky and rely on a single point of failure. Users get confused, pulled out of the product, pushed through poorly explained steps just to “prove” they’re human. Many drop off and never return. And if one component of the system fails, that’s that.
In user experience, every second counts. A one-second delay can cut conversions by 7%, while simplifying verification steps can lift them by about 5%. The same principles apply to verification flows – speed and ease matter.
That’s why we built Passport Embed — a lightweight component that brings proof of humanity directly into your page. It’s powered by the same backend that’s already verified millions of users across more than 150 campaigns and 120 partners.
Passport Embed Walkthrough by Daniel, Product Lead of Human Passport. Feel free to leave a comment!
If you’re here for the quick version, here’s what Passport Embed is and how it works. Scroll down for the deep dive on verification UX and why it matters, including the humanity verification methods comparison table.
Humanity Embedded on Your Website
Passport Embed is an embeddable React component that brings proof of personhood directly into any app or website. Instead of sending users away to a separate site or pop-up, it lives inside the native user flow. Yet, it’s powered by the same tried-and-tested backend that runs the Passport App today.
Verification uses Passport Stamps, an aggregate human verification tool that allows users to verify a variety of different credentials that represent different high-human-signal activities. Each Stamp proves a specific aspect of a user’s identity or behavior, such as an active GitHub profile, a verified social account, web3 NFT and transaction history across chains, or a zero-knowledge credential based on a biometric check passed or an active phone number owned. Every Stamp contributes to the user’s overall Unique Humanity score, helping determine the likelihood that the user is a real human, not a Sybil.
Developers can install Embed in a few lines of code, customize the interface, and decide where in the journey humanity verification makes sense: sign-ups, claims, or gated actions. The component integrates seamlessly with the partner’s site: specific triggers can enable the Embed, and once a user verifies their humanity, the action on the side can automatically continue, keeping the journey smooth and uninterrupted.
It’s proof of humanity made simple.
See how to integrate it in a few lines of code → Developer docs
Reality Check: How We Verify Humanity Today
Let’s take a look at how common personhood verification methods still fall short.
Choosing a humanity verification solution means balancing security, user experience, compliance, and cost. Here's how Passport Embed compares across the decision criteria that matter most.
Legend: 🟢 Strong | 🟡 Moderate | 🔴 Weak
CAPTCHA
The most well-known bot-prevention method, CAPTCHA, took off around 2003. Over time, six main types emerged — text, image, audio, puzzle, behavioral, and logic. Two decades later, none of them truly hold up.
Today’s CAPTCHAs use visual puzzles and behavioral tracking to separate bots from humans. Google’s reCAPTCHA became the default across the web. Bad news? Modern AI easily beats it.
Modern AI can bypass reCAPTCHA v2 with 100 % accuracy using object-recognition models. A 13-month field study concluded it brings “immense cost and no security.”
Bots now solve CAPTCHAs faster than humans. 500 human years are wasted every day on solving them.
The average cost of breaking a reCAPTCHA is incredibly low – less than $1 per 1000 solves. Meanwhile, Google charges $1 per 1,000 Enterprise requests. The math speaks for itself.
Results suggest that bots can outperform humans, both in terms of solving time and accuracy, across all CAPTCHA types. Source
Some say CAPTCHA is dead. The reality is worse: CAPTCHA is broken — but it still costs businesses and users thousands of dollars, wasted time, and lost conversions.
Result: not useful in bot prevention, avoid
Turnstile (by CloudFlare)
Cloudflare Turnstile works differently from old-school CAPTCHAs. Instead of making the user (or bot) solve a puzzle, it silently runs a set of browser checks and network-level verifications to decide whether the visitor is likely human.
Turnstile is considered more user-friendly and generally more effective against basic to mid-level bots than CAPTCHAs, but it doesn’t fully stop advanced or human-assisted attacks. Cloudflare itself frames it as a friction-reducer, not a silver bullet, recommending it be combined with other defenses like rate limiting, behavioral analysis, or additional proof-of-humanity layers.
Result: useful for primary bot filtration, further proof of humanity needed
Redirected KYC flows
Providers like Onfido and Jumio typically redirect users to hosted verification pages. But complexity and disruptions drive drop-off: according to Baymard, 18% of shoppers abandon due to complicated checkout, 19% when account creation is forced, and 15% when the site errors or crashes.
Humanity verification, just like account creation or checkout process, is prone to drop-offs. Redirect-based KYC checks are functional, but they introduce extra risk at exactly the moment you want users to commit. They are also quite invasive and leave people no option other than to use government-issued documents to prove their humanity, a compliance level not strictly required in many use cases, like entering a rewards program or a game. Additionally, nearly 850M people worldwide lack official identity documents, leaving them excluded from KYC-gated digital spaces.
Result: full compliance, but single-point-of-failure, and it’s invasive (while not always needed)
Hardware-verified personhood
Some systems lean on trusted hardware — like Worldcoin’s Orb or Humanity Protocol’s palm scanners — to prove uniqueness. While hardware checks can raise the cost of attacks, they come with trade-offs: high deployment costs, geographic limitations, and long-standing concerns about privacy, centralization, and exclusion. They don’t scale easily to “any website”, “any user”, “any use case”, and often lock projects into a single vendor’s device.
Result: high level of humanity signal, but lacks accessibility and a full compliance route; serious privacy concerns
The solution: Embeddable humanity
Verifying humanity shouldn’t feel like a mini-boss fight or a school assignment. It doesn’t have to require a trip to a verification center either. While most systems require users to jump through hoops, Passport Embed takes a different approach. It increases confidence that a user is real by verifying humanity proofs right in the app the user is in. Verification still involves user action — starting or completing tasks — but it happens in context, without disrupting the existing user flow, thereby reducing cognitive load. (And in some cases, no user action is needed — more on that soon.)
Security, Accessibility, Privacy built in
Every check inside Passport Embed runs on the same infrastructure that’s already powered millions of secure verifications. Sensitive data never leaves the verification provider — only cryptographic proofs are processed. The component is lightweight, works across devices, and is accessible by design.
Friction reduced to the minimum
Passport Embed runs directly inside your product — no redirects or separate sites. Everything happens in place, keeping users where they started.
Bonus: For many web3-native users, the verification may already be complete: their existing onchain activity and connected Stamps are recognized automatically in the background. In those cases, there’s nothing more to do — verification simply confirms itself.
Compliance on demand
Different products face different risks. Passport Embed lets you choose how deep to go. Keep it light for routine actions, or enable full compliance when regulation demands it. Verification depth is configurable, so you stay flexible without rebuilding your flow.
Soon, projects will be able to run individual verification flows directly inside Embed — starting with Proof of Clean Hands, a privacy-preserving ID and sanctions check. Future options will include Biometric and Government ID verification where required, keeping all flows contained within the same seamless user experience. Note that these verification methods use zero-knowledge proofs, confirming compliance without revealing underlying data.
Hidden advantage: Pluralism
Most verification systems rely on a single check — a biometric, a device, or a CAPTCHA. That creates a single point of failure: once the check is broken or bypassed, the whole system is compromised. Passport works differently — it’s pluralistic. Multiple signals, combined into one score, raise the cost of attacks without shutting out legitimate users.
With Embed, you get that pluralism directly inside your app. Each user can verify through the methods that work best for them, and you can design flows that fit your product.
We wrote more about pluralistic proof of humanity in this blog — why it matters, and how it helps build resilience in the age of AI.
Step by Step: Embed Passport to Your App or Website
If you’re deciding to embed proof of humanity in your product, below are the steps PMs and founders should typically consider. In case of any questions, our team is here to help.
Decide where/when to request the humanity check. Pick the point in your flow where you want humanity verification — onboarding, claims, or high-risk actions.
Integrate Human Embed.
Generate your API keys and scorer ID and start building!
Choose a Passport score (20 is the recommended baseline). Above it, users pass; below it, they’re prompted to add more Stamps.
Install the React component and add a few lines of code to implement the component.
Design the experience. Choose the theme (dark, light, or custom), reference existing address context or set it so users must sign in via the component, and choose how the Embed will fit into your page (collapse mode)
Launch your campaign. Partner with the Human Passport team to co-market the integration, driving real humans to your campaign.
Note: In the near future, you will also be able to add your own brand, adjust messaging, and customize the Stamp lineup.
Start building with Passport Embed today
Passport Embed has completed its beta phase and is now available for any project to integrate. The component has been tested with partners during alpha and beta, and is ready for production use.
Higher conversion. Keep users in your flow → more sign-ups completed.
Privacy built in. Passport doesn’t store any sensitive user data.
Own the experience. Customize the theme colors to match your UX.
Flexible verification. Start light or go deep, depending on risk profile. Verify members of your own community without friction.
Proven infrastructure. Powered by the same backend that secured millions of verifications (35M+ of Passport credentials were generated to date).
If you want to add proof of humanity directly into your product flow, you can start building today:
Start embedding humanity today: Partner with us | Read the docs | Test Embed 🦋
FAQ
ℹ️ Is Passport prone to a single point of failure?
There are two possible points of failure: proof generation and architectural dependency. In both cases, Passport provides a single point of failure solution.
Proof generation: Unlike traditional systems, Passport doesn’t rely on a single identity provider or database — the verification model, Stamp data, and onchain proofs distribute trust across multiple components.
Architecture: While API access relies on the Passport-operated infrastructure to issue and verify proofs, proofs pushed onchain (Onchain Passport) are available at any time.
ℹ️ Does Passport store user data?
No. Passport is completely privacy-preserving and does not store any personally identifiable information (PII).
ℹ️ Is Passport Embed open-source?
Yes. The component is open-source, allowing developers to review, audit, and adapt it to their use case.
ℹ️ What other products does Human Passport offer?
Human Passport provides two complementary verification categories: real-time and on-demand.
Real-time verification runs through Passport Embed or the Passport App, both connecting directly to our Stamp system. It verifies humanity through activity or ownership, using privacy-preserving proofs.
Beyond Stamps, real-time verification includes:
Model-based Sybil classification — ML models trained on real wallet data
Individual verification flows with zk KYC, zk biometrics, zk phone verification (coming soon)
Proof of Clean Hands — sanctions-screening with zero-knowledge proofs
On-demand verification is handled via Data Services for bulk analysis. Projects can share a wallet list; our system performs clustering and ML-based Sybil detection, classifying each address as Sybil, likely Sybil, unknown, likely human, or human. Each project receives a full report, raw data for internal use, and a follow-up call to review the findings and discuss next steps in Sybil prevention.
