I noticed that the default Authentication - Registration form flow contains the Recaptcha execution/provider by default.
However, I can’t find it as a provider when adding it as a flow execution under my custom SPI flows.
The Recaptcha step is only suitable for registration flow.
If you want to use some captcha option in other auth flows, you‘ll have to implement a custom authenticator.
Doesn’t this make it super inefficient to do so?
Why would anyone do that instead of just adding a custom recaptcha with JS and stuff, into a custom .tpl?
Because you need server-side code to validate the captcha!?
oh yeah, makes sense 
thanks man