Posted June 16, 2022

Hello Invision Team,

IPS should give an option to add invisible reCAPTCHA in the login form. In countries like India, security agencies don't give clearance without this. This is highly recommended by them. I request that you provide this in the next update. This is my experience of why government agencies avoid using Invision Community as a CMS for their websites.

June 16, 2022 (Management)

Are you concerned about brute force login attempts? We have built-in protection for this, as multiple failed attempts to log into a user account lock the account for 15 minutes.

June 16, 2022 (Author)

24 minutes ago, Matt said:
> Are you concerned about brute force login attempts? We have built-in protection for this, as multiple failed attempts to log into a user account lock the account for 15 minutes.

Yes, I am aware of this excellent feature. But security agencies in many countries don't clear this. That's why I asked to have this as an option. Captcha is there in the registration form, so it would not be tough for you guys to give an option on the login page too. Also, what if a bot submits a wrong username and password multiple times? It could not lock anything, but each time a query will run and put a heavy load on the DB. Captcha may stop this. Or you must block that IP for 15 minutes.

February 2, 2024

On 6/16/2022 at 12:39 PM, Matt said:
> Are you concerned about brute force login attempts? We have built-in protection for this, as multiple failed attempts to log into a user account lock the account for 15 minutes.

Hello. The problem is still relevant. Hackers check login information from other hacked forums and other databases. They use an array of proxy servers and will check emails and passwords from other services. Users often use the same emails and passwords. A captcha on the login form could prevent such an attack.

February 2, 2024

13 hours ago, Tikhonov Ivan said:
> Hello. The problem is still relevant. Hackers check login information from other hacked forums and other databases. They use an array of proxy servers and will check emails and passwords from other services. Users often use the same emails and passwords. A captcha on the login form could prevent such an attack.

As someone who works with online account access (online banking, for example) for many large US financial companies, I can tell you with 100 percent certainty that CAPTCHAs are not overly difficult to overcome. In fact, there are many pre-built kits that are available for under $100. If this is a serious concern, you’re honestly better off looking at things like two-factor authentication. It’s MUCH more secure and effective in preventing someone from accessing an account even with a compromised credential.
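
An added illustration of the controls discussed in this thread, not part of any post and not Invision Community code: it runs a per-account lockout, a per-IP limit and a site-wide count of distinct failing accounts over two constructed login logs, one password-guessing run against a single account and one reused-credential run spread over many accounts and proxy addresses. The thresholds, the event tuple layout and the sample addresses are assumptions; only the 15-minute figure comes from the thread.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOCK_AFTER = 5                    # assumed; the thread only says "multiple failed attempts"
WINDOW = timedelta(minutes=15)    # lock duration quoted in the thread, reused as the window
MAX_IP_FAILS = 10                 # assumed per-IP limit
MAX_FAILING_ACCOUNTS = 20         # assumed site-wide limit on distinct failing accounts

def analyse(events):
    """events: (time, ip, account, success) tuples in time order.
    Returns (accounts locked, IPs blocked, site-wide signal fired)."""
    by_account, by_ip = defaultdict(deque), defaultdict(deque)
    site = deque()                # (time, account) for every failed login
    locked, blocked, site_alert = set(), set(), False
    for ts, ip, account, ok in events:
        if ok:
            continue
        by_account[account].append(ts)
        by_ip[ip].append(ts)
        site.append((ts, account))
        # Drop failures that have aged out of the window.
        for q in (by_account[account], by_ip[ip]):
            while q and ts - q[0] > WINDOW:
                q.popleft()
        while site and ts - site[0][0] > WINDOW:
            site.popleft()
        if len(by_account[account]) >= LOCK_AFTER:
            locked.add(account)
        if len(by_ip[ip]) >= MAX_IP_FAILS:
            blocked.add(ip)
        if len({a for _, a in site}) >= MAX_FAILING_ACCOUNTS:
            site_alert = True     # cue to require a CAPTCHA or a second factor
    return locked, blocked, site_alert

T0 = datetime(2024, 2, 2, 12, 0)  # constructed sample data below

def brute_force():
    # One client guessing passwords for a single account.
    return [(T0 + timedelta(seconds=i), "198.51.100.7", "alice", False)
            for i in range(12)]

def stuffing():
    # 40 accounts, one guess each, every request from a different proxy address.
    return [(T0 + timedelta(seconds=10 * i), f"203.0.113.{i + 1}", f"user{i}", False)
            for i in range(40)]

if __name__ == "__main__":
    print("brute force:", analyse(brute_force()))
    print("stuffing:   ", analyse(stuffing()))
```

On the second log neither the account lockout nor the IP limit triggers; only the site-wide count does, which is the point at which a login challenge or a second factor would apply.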