Of course not. But, for security reasons, in my workplace they ask us to use both, password and captcha, in all of our systems. I want to convince them to use Survey Solutions instead of develop a system from scratch, but this issue is a must for them.
“Using the captcha” and “show a captcha challenge to users since the first login attempt” are two different things, imho. Make sure you are not confusing the security requirement with 2-factor authentication, which is also a possibility.
Survey Solutions does use CAPTCHA to protect the server from bruteforce attacks on the login form exposed to the internet. Perhaps you misunderstood the comment of your security officer. Let him speak directly to avoid any confusion or confirm that they find the chance of 5 out of 839,299,365,868,340,224 considerably large. (this is just 10 large/small letters and digits, you can certainly have a longer password and use special characters…).