Jump to content

Add invisible re CAPTCHA in login form


Recommended Posts

Hello Invision Team,

IPS should give an option to add invisible re CAPTCHA in the login form. In countries like India Security agencies don't give the  clearance without this. This is highly recemented by them. I request to provide this in next update. 

This is my experience why government agencies avoid to use Invision Community as a CMS for their websites.

Link to comment
Share on other sites

24 minutes ago, Matt said:

Are you concerned about brute force log in attempts? We have built in protection for this as multiple failed attempts to log into a user account lock the account for 15 minutes.

Yes I am aware of this excellent feature. But security agencies in many countries doesn't clear this. That's why I asked to give this as a option. Captcha is there in registration form so it would not be tough to give an option in login page too for you guys.

Also, what if a bot hit a wrong username password multiple time it could not lock anything but each time a query will run and make the heavy load on db. Captcha may stop this. Or you must block that IP for 15 minutes.

Link to comment
Share on other sites

  • 1 year later...
On 6/16/2022 at 12:39 PM, Matt said:

Are you concerned about brute force log in attempts? We have built in protection for this as multiple failed attempts to log into a user account lock the account for 15 minutes.

Hello. The problem is still relevant. Hackers check login information from other hacked forums and other databases. They use an array of proxy servers and will check emails and passwords from other services. Users often use the same emails and passwords. A captcha on the login form could prevent such an attack.

Link to comment
Share on other sites

13 hours ago, Tikhonov Ivan said:

Hello. The problem is still relevant. Hackers check login information from other hacked forums and other databases. They use an array of proxy servers and will check emails and passwords from other services. Users often use the same emails and passwords. A captcha on the login form could prevent such an attack.

As someone who works with online account access (online banking for example) for many large US financial companies, I can tell you with 100 percent certainty that CAPTCHAs are not overly difficult to overcome.  In fact there are many pre-built kits that are available for under $100.  
 

If this is a serious concern, you’re honestly better off looking at things like two factor authentication.  It’s MUCH more secure and effective in preventing someone from accessing an account even with a compromised credential.

Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...