Completely Automated Public Turing test to tell Computers and Humans Apart used in form validation to restrict access to humans only
Questions tagged [captcha]
121 questions
84
votes
5 answers
How does Google's "No Captcha reCaptcha" work?
Google has released a new form of captcha identification of bots, that asks the user to click a single checkbox. It uses image-based verification only if necessary.
Could someone please explain to me as to how such a program differentiates a human…
ghosts_in_the_code
- 955
- 1
- 6
- 9
42
votes
2 answers
What triggers Google's reCAPTCHA
I noticed that Google's "I am not a robot" reCAPTCHA forces me to check correct images on my computer. I installed a virtual machine and tried there. Same thing. Used proxy. Same thing too. Then I used another computer in the same network (same…
sanjihan
- 639
- 2
- 7
- 11
38
votes
8 answers
Is brute force a probable threat even if you enable CAPTCHA and rate limit logins?
Let's assume CAPTCHA is enabled with account lock out control (after five continuous failed attempts, the account will be locked for 15 min) on a system.
Is brute force still a probable threat?
Sayan
- 2,033
- 1
- 11
- 21
34
votes
9 answers
Is it helpful to have a captcha on a login screen?
I introduced recaptcha to the login screen of a system.
My goal was all about security things like dictionary/bots attacks or other thing of that type.
The users now hate it, Some did not even understand it and I had to remove it.
When I look…
meda
- 451
- 1
- 4
- 7
29
votes
3 answers
Is there anything insecure about Google ReCaptcha?
In this question on software recommendations, the OP asks for an alternative to Google reCAPTCHA because "for a security reasons also we don't want to depend on any out side services".
As far as I know, you ask Google for a CAPTCHA, you display it,…
Mawg says reinstate Monica
- 1,368
- 2
- 13
- 26
25
votes
5 answers
Is there any reason to include the remote ip when using reCaptcha?
I am implementing Google's reCaptcha in my app. According to the documentation, my API request must include my secret key and the response, and optionally the user's remote ip.
For what reasons would I include the remote ip?
Mooseman
- 395
- 1
- 3
- 9
24
votes
3 answers
If we know CAPTCHA can be beat, why are we still using them?
If we know CAPTCHA can be beat, why are we still using them?
A 35% to 90% success rate like wikipedia is stating means software is better at solving CAPTCHAs then I am.
sup
- 381
- 3
- 13
24
votes
7 answers
Are reCAPTCHA enough to prevent brute-force password guesses?
I was wondering if reCAPTCHA were strong enough to prevent BruteForce from bots or if I needed to add more security, such as sending a unique mail to the user every 5 tries that someone try to log on the account and block the account while the mail…
JohnnyBgud
- 419
- 1
- 4
- 8
19
votes
12 answers
Is there a true alternative to using CAPTCHA images?
Security is about balancing costs and risks, nothing is impossible to beat, specially not typical CAPTCHA implementations, but they do add something no other system seems to offer.
I've been reading around about these CAPTCHAs for a while and…
Daren
- 300
- 1
- 2
- 8
15
votes
8 answers
How does CAPTCHA mitigate DDoS attacks?
This seems like an easy question, but I've failed to find an answer.
One of the uses of CAPTCHA is to cope mitigate Denial of Service attacks. Suppose an adversary performs excessive login attempts, leaving other users unable to log in; the service…
overrider
- 253
- 1
- 2
- 6
14
votes
3 answers
Best practice in web application security authentication to avoid bruteforce attack
I want to cover the possible cases of attacking. My application already has captcha and two-factor authentication, but how can I avoid a tiny attack without annoying my users? The possible cases that I'm thinking to cover are:
Show captcha after…
Mohamed Farrag
- 243
- 2
- 8
14
votes
4 answers
I receive spam despite a captcha, has my wordpress blog been hacked?
I have a wordpress blog under my own domain. It does not have special security.
For the past 1 week, my blog got spammed by someone from Russia - I think the contents of my blog somehow angered him. He posts about 20 spam comments (only links to…
itsme
- 157
- 1
- 3
13
votes
3 answers
AntiForgeryToken versus Captcha
I am having some question regarding captcha and AntiForgeryToken
Do I need to use captcha if I am using AntiForgeryToken in an MVC application.
Does AntiForgeryToken prevents automated form submission?
Can I use AntiForgeryToken as an alternative…
Twix
- 233
- 2
- 6
13
votes
4 answers
Why Do we Need CAPTCHA? In what case we should use it?
In what case we should implement Captcha based security?. How accurate it is and if there exists any alternatives for Captcha based Security.
Joe.wang
- 283
- 1
- 2
- 6
12
votes
2 answers
Should I use ReCAPTCHA v2 or v3?
I've seen lots of SO posts and other articles on the internet about the differences between Google's ReCAPTCHA v2 and v3, but I'm not sure which one I should use. I'm looking to protect my website's sign up page (React frontend + Node.js backend).…
APixel Visuals
- 223
- 1
- 2
- 6