Pushpendra Singh Chauhan Posted June 16, 2022

Hello Invision Team, IPS should give an option to add invisible reCAPTCHA in the login form. In countries like India, security agencies don't give clearance without this. It is highly recommended by them. I request that you provide this in the next update. In my experience, this is why government agencies avoid using Invision Community as a CMS for their websites.
Matt (Management) Posted June 16, 2022

Are you concerned about brute force login attempts? We have built-in protection for this, as multiple failed attempts to log into a user account lock the account for 15 minutes.
Pushpendra Singh Chauhan (Author) Posted June 16, 2022

24 minutes ago, Matt said:
Are you concerned about brute force login attempts? We have built-in protection for this, as multiple failed attempts to log into a user account lock the account for 15 minutes.

Yes, I am aware of this excellent feature. But security agencies in many countries don't clear this. That's why I asked for this to be given as an option. Captcha is already there in the registration form, so it would not be tough for you guys to give an option on the login page too. Also, what if a bot tries a wrong username and password multiple times? It could not lock anything, but each time a query will run and put a heavy load on the DB. Captcha may stop this. Or you must block that IP for 15 minutes.
Tikhonov Ivan Posted February 2

On 6/16/2022 at 12:39 PM, Matt said:
Are you concerned about brute force login attempts? We have built-in protection for this, as multiple failed attempts to log into a user account lock the account for 15 minutes.

Hello. The problem is still relevant. Hackers check login information from other hacked forums and other databases. They use an array of proxy servers and will check emails and passwords from other services. Users often use the same emails and passwords. A captcha on the login form could prevent such an attack.
Randy Calvert Posted February 2

13 hours ago, Tikhonov Ivan said:
Hello. The problem is still relevant. Hackers check login information from other hacked forums and other databases. They use an array of proxy servers and will check emails and passwords from other services. Users often use the same emails and passwords. A captcha on the login form could prevent such an attack.

As someone who works with online account access (online banking, for example) for many large US financial companies, I can tell you with 100 percent certainty that CAPTCHAs are not overly difficult to overcome. In fact, there are many pre-built kits that are available for under $100. If this is a serious concern, you're honestly better off looking at things like two-factor authentication. It's MUCH more secure and effective in preventing someone from accessing an account even with a compromised credential.
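The two cases discussed in this thread, as an added example that is not part of any post and is not Invision Community's code: a throttle that locks an account or a source IP for 15 minutes after repeated failures, replayed over constructed login events. The failure threshold of 5 (the thread only says "multiple"), the class and function names, and all accounts and addresses are assumptions.

```python
from collections import defaultdict, deque

LOCK_SECONDS = 15 * 60   # 15-minute lock, the figure given in the thread
MAX_FAILURES = 5         # assumption: the thread does not state the threshold


class LoginThrottle:
    """Counts recent failed logins per key (an account or a source IP)."""

    def __init__(self, max_failures=MAX_FAILURES, lock_seconds=LOCK_SECONDS):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.failures = defaultdict(deque)   # key -> timestamps of recent failures
        self.locked_until = {}               # key -> time the lock expires

    def is_blocked(self, key, now):
        return self.locked_until.get(key, 0) > now

    def record_failure(self, key, now):
        recent = self.failures[key]
        recent.append(now)
        # Forget failures older than the lock window.
        while recent and recent[0] <= now - self.lock_seconds:
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.locked_until[key] = now + self.lock_seconds
            recent.clear()


def replay(events):
    """Replay (time, ip, account, password_ok) events; count each outcome."""
    throttle = LoginThrottle()
    outcome = {"blocked": 0, "failed": 0, "accepted": 0}
    for now, ip, account, password_ok in events:
        keys = (("acct", account), ("ip", ip))
        if any(throttle.is_blocked(key, now) for key in keys):
            outcome["blocked"] += 1
        elif password_ok:
            outcome["accepted"] += 1
        else:
            outcome["failed"] += 1
            for key in keys:
                throttle.record_failure(key, now)
    return outcome


# Constructed traffic: documentation IP ranges and made-up account names.
# Repeated guesses at one account from one address: locked after MAX_FAILURES.
single_source = [(t, "203.0.113.7", "alice", False) for t in range(20)]
# Reused credentials, one try per account, each from a different proxy address.
spread_out = [(t, f"198.51.100.{t}", f"user{t}", t % 10 == 0) for t in range(1, 41)]
```

In the second replay no account or IP counter ever reaches the threshold, so the four logins with valid reused passwords are accepted; that is the case the two-factor suggestion above is aimed at.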