Pushpendra Singh Chauhan Posted June 16, 2022 Share Posted June 16, 2022 Hello Invision Team, IPS should give an option to add invisible re CAPTCHA in the login form. In countries like India Security agencies don't give the clearance without this. This is highly recemented by them. I request to provide this in next update. This is my experience why government agencies avoid to use Invision Community as a CMS for their websites. OptimusBain 1 Link to comment Share on other sites More sharing options...
Management Matt Posted June 16, 2022 Management Share Posted June 16, 2022 Are you concerned about brute force log in attempts? We have built in protection for this as multiple failed attempts to log into a user account lock the account for 15 minutes. Link to comment Share on other sites More sharing options...
Pushpendra Singh Chauhan Posted June 16, 2022 Author Share Posted June 16, 2022 24 minutes ago, Matt said: Are you concerned about brute force log in attempts? We have built in protection for this as multiple failed attempts to log into a user account lock the account for 15 minutes. Yes I am aware of this excellent feature. But security agencies in many countries doesn't clear this. That's why I asked to give this as a option. Captcha is there in registration form so it would not be tough to give an option in login page too for you guys. Also, what if a bot hit a wrong username password multiple time it could not lock anything but each time a query will run and make the heavy load on db. Captcha may stop this. Or you must block that IP for 15 minutes. Link to comment Share on other sites More sharing options...
Tikhonov Ivan Posted February 2 Share Posted February 2 On 6/16/2022 at 12:39 PM, Matt said: Are you concerned about brute force log in attempts? We have built in protection for this as multiple failed attempts to log into a user account lock the account for 15 minutes. Hello. The problem is still relevant. Hackers check login information from other hacked forums and other databases. They use an array of proxy servers and will check emails and passwords from other services. Users often use the same emails and passwords. A captcha on the login form could prevent such an attack. G17 Media 1 Link to comment Share on other sites More sharing options...
Randy Calvert Posted February 2 Share Posted February 2 13 hours ago, Tikhonov Ivan said: Hello. The problem is still relevant. Hackers check login information from other hacked forums and other databases. They use an array of proxy servers and will check emails and passwords from other services. Users often use the same emails and passwords. A captcha on the login form could prevent such an attack. As someone who works with online account access (online banking for example) for many large US financial companies, I can tell you with 100 percent certainty that CAPTCHAs are not overly difficult to overcome. In fact there are many pre-built kits that are available for under $100. If this is a serious concern, you’re honestly better off looking at things like two factor authentication. It’s MUCH more secure and effective in preventing someone from accessing an account even with a compromised credential. Link to comment Share on other sites More sharing options...
Recommended Posts