diff --git a/scripts/setup/generate_secrets.py b/scripts/setup/generate_secrets.py
index b3d6086fde..7da8af2cc9 100755
--- a/scripts/setup/generate_secrets.py
+++ b/scripts/setup/generate_secrets.py
@@ -128,6 +128,10 @@ def generate_secrets(development: bool = False) -> None:
     if need_secret("camo_key"):
         add_secret("camo_key", random_string(64))
 
+    # We enable Altcha in development
+    if development and need_secret("altcha_hmac"):
+        add_secret("altcha_hmac", random_token())
+
     if not development:
         # The memcached_password and redis_password secrets are only
         # required/relevant in production.
diff --git a/zproject/dev_settings.py b/zproject/dev_settings.py
index f38e2ab043..0398f00fb7 100644
--- a/zproject/dev_settings.py
+++ b/zproject/dev_settings.py
@@ -220,6 +220,10 @@ RESOLVE_TOPIC_UNDO_GRACE_PERIOD_SECONDS = 5
 # See: https://zulip.readthedocs.io/en/latest/subsystems/realms.html#working-with-subdomains-in-development-environment
 ROOT_DOMAIN_LANDING_PAGE = True
 
+# Enable ALTCHA, so that we test this flow; we can only do this on localhost.
+if external_host_env is None and not IS_DEV_DROPLET:
+    USING_CAPTCHA = True
+
 TOPIC_SUMMARIZATION_MODEL = "groq/llama-3.3-70b-versatile"
 # Defaults based on groq's pricing for Llama 3.3 70B Versatile 128k.
 # https://groq.com/pricing/