diff --git a/src/applications/auth/controller/PhabricatorAuthRegisterController.php b/src/applications/auth/controller/PhabricatorAuthRegisterController.php
index 33bd5c9e5f..ec5883e9d0 100644
--- a/src/applications/auth/controller/PhabricatorAuthRegisterController.php
+++ b/src/applications/auth/controller/PhabricatorAuthRegisterController.php
@@ -123,6 +123,7 @@ final class PhabricatorAuthRegisterController
     $e_realname = strlen($value_realname) ? null : true;
     $e_email = strlen($value_email) ? null : true;
     $e_password = true;
+    $e_captcha = true;
 
     $min_len = PhabricatorEnv::getEnvConfig('account.minimum-password-length');
     $min_len = (int)$min_len;
@@ -130,6 +131,16 @@ final class PhabricatorAuthRegisterController
     if ($request->isFormPost() || !$can_edit_anything) {
       $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
 
+      if ($must_set_password) {
+        $e_captcha = pht('Again');
+
+        $captcha_ok = AphrontFormRecaptchaControl::processCaptcha($request);
+        if (!$captcha_ok) {
+          $errors[] = pht("Captcha response is incorrect, try again.");
+          $e_captcha = pht('Invalid');
+        }
+      }
+
       if ($can_edit_username) {
         $value_username = $request->getStr('username');
         if (!strlen($value_username)) {
@@ -328,6 +339,13 @@ final class PhabricatorAuthRegisterController
           ->setError($e_realname));
     }
 
+    if ($must_set_password) {
+      $form->appendChild(
+        id(new AphrontFormRecaptchaControl())
+          ->setLabel('Captcha')
+          ->setError($e_captcha));
+    }
+
     $submit = id(new AphrontFormSubmitControl());
 
     if ($is_setup) {