
I think it's again to mitigate against potential bad actors attempting to access legitimate users' accounts.

You could use other methods but there are always tradeoffs, e.g., let's say that instead of using a captcha you just temporarily block login attempts to some account after X failed login attempts. This has the advantage that it's faster for legitimate users as you don't need to complete the captcha; however, the main disadvantage is that you can then get an attacker brute-forcing logins (even if they don't really care about getting users' credentials) which can disrupt your website by preventing potentially thousands of users from signing in.

In my opinion the captcha is the least bad option from a security point of view, as long as it has an alternative accessible mechanism, for example for blind users.
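The tradeoff described in the comment above, as an added example that is not part of the original comment: a toy in-memory login gate run under both policies against the same wrong-password traffic, counting what legitimate users see afterwards. `LoginGate`, `simulate`, `MAX_FAILURES` and `LOCK_SECONDS` are hypothetical names and values, and the accounts are constructed sample data.

```python
import hmac
from collections import defaultdict

MAX_FAILURES = 3    # the "X" from the comment; value is an assumption
LOCK_SECONDS = 900  # assumed length of the temporary block

class LoginGate:
    """Toy login front end; policy is "lockout" or "captcha"."""
    def __init__(self, policy, passwords):
        self.policy = policy
        self.passwords = passwords        # constructed sample credentials
        self.failures = defaultdict(int)
        self.locked_until = {}

    def attempt(self, user, password, now, captcha_solved=False):
        # Lockout policy: refuse everything until the window expires.
        if self.policy == "lockout" and now < self.locked_until.get(user, 0):
            return "locked"
        # Captcha policy: step up instead of refusing.
        challenged = self.policy == "captcha" and self.failures[user] >= MAX_FAILURES
        if challenged and not captcha_solved:
            return "captcha_required"
        expected = self.passwords.get(user, "")
        if user in self.passwords and hmac.compare_digest(expected.encode(), password.encode()):
            self.failures[user] = 0
            return "ok"
        self.failures[user] += 1
        if self.policy == "lockout" and self.failures[user] >= MAX_FAILURES:
            self.locked_until[user] = now + LOCK_SECONDS
            self.failures[user] = 0
        return "denied"

def simulate(policy, n_users=1000):
    """Failed logins hit every account, then each real user signs in."""
    passwords = {f"user{i}": f"pw-{i}" for i in range(n_users)}
    gate = LoginGate(policy, passwords)
    for user in passwords:                 # wrong-password traffic at t=0
        for _ in range(MAX_FAILURES):
            gate.attempt(user, "wrong", now=0)
    outcomes = defaultdict(int)
    for user, pw in passwords.items():     # legitimate users at t=60
        result = gate.attempt(user, pw, now=60)
        if result == "captcha_required":   # user solves the challenge
            outcomes["captchas_shown"] += 1
            result = gate.attempt(user, pw, now=60, captcha_solved=True)
        outcomes[result] += 1
    return dict(outcomes)
```

Under `"lockout"` every legitimate user is refused until the window expires; under `"captcha"` every one of them signs in after one extra challenge, which is the availability difference the comment points at.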



