Highest Voted 'captcha' Questions - IT Security Stack Exchange

84

votes

5 answers

How does Google's "No Captcha reCaptcha" work?

Google has released a new form of captcha identification of bots, that asks the user to click a single checkbox. It uses image-based verification only if necessary. Could someone please explain to me as to how such a program differentiates a human…

captcha bot

asked Jan 09 '15 at 17:37

ghosts_in_the_code

955
1
6
9

42

votes

2 answers

What triggers Google's reCAPTCHA

I noticed that Google's "I am not a robot" reCAPTCHA forces me to check correct images on my computer. I installed a virtual machine and tried there. Same thing. Used proxy. Same thing too. Then I used another computer in the same network (same…

google captcha

asked May 29 '16 at 16:24

sanjihan

639
2
7
11

38

votes

8 answers

Is brute force a probable threat even if you enable CAPTCHA and rate limit logins?

Let's assume CAPTCHA is enabled with account lock out control (after five continuous failed attempts, the account will be locked for 15 min) on a system. Is brute force still a probable threat?

authentication brute-force captcha

asked Oct 07 '18 at 15:44

Sayan

2,033
1
11
21

34

votes

9 answers

Is it helpful to have a captcha on a login screen?

I introduced recaptcha to the login screen of a system. My goal was all about security things like dictionary/bots attacks or other thing of that type. The users now hate it, Some did not even understand it and I had to remove it. When I look…

authentication captcha

asked Jul 14 '15 at 15:23

meda

451
1
4
7

29

votes

3 answers

Is there anything insecure about Google ReCaptcha?

In this question on software recommendations, the OP asks for an alternative to Google reCAPTCHA because "for a security reasons also we don't want to depend on any out side services". As far as I know, you ask Google for a CAPTCHA, you display it,…

captcha

asked Sep 28 '15 at 12:35

Mawg says reinstate Monica

1,368
2
13
26

25

votes

5 answers

Is there any reason to include the remote ip when using reCaptcha?

I am implementing Google's reCaptcha in my app. According to the documentation, my API request must include my secret key and the response, and optionally the user's remote ip. For what reasons would I include the remote ip?

ip captcha

asked Feb 17 '15 at 17:21

Mooseman

395
1
3
9

24

votes

3 answers

If we know CAPTCHA can be beat, why are we still using them?

If we know CAPTCHA can be beat, why are we still using them? A 35% to 90% success rate like wikipedia is stating means software is better at solving CAPTCHAs then I am.

captcha

asked Jan 08 '13 at 02:40

sup

381
3
13

24

votes

7 answers

Are reCAPTCHA enough to prevent brute-force password guesses?

I was wondering if reCAPTCHA were strong enough to prevent BruteForce from bots or if I needed to add more security, such as sending a unique mail to the user every 5 tries that someone try to log on the account and block the account while the mail…

authentication brute-force captcha

asked Dec 14 '15 at 12:38

JohnnyBgud

419
1
4
8

19

votes

12 answers

Is there a true alternative to using CAPTCHA images?

Security is about balancing costs and risks, nothing is impossible to beat, specially not typical CAPTCHA implementations, but they do add something no other system seems to offer. I've been reading around about these CAPTCHAs for a while and…

spam captcha

asked Jan 23 '13 at 12:17

Daren

300
1
2
8

15

votes

8 answers

How does CAPTCHA mitigate DDoS attacks?

This seems like an easy question, but I've failed to find an answer. One of the uses of CAPTCHA is to cope mitigate Denial of Service attacks. Suppose an adversary performs excessive login attempts, leaving other users unable to log in; the service…

web-application ddos denial-of-service captcha

asked Oct 20 '12 at 14:28

overrider

253
1
2
6

14

votes

3 answers

Best practice in web application security authentication to avoid bruteforce attack

I want to cover the possible cases of attacking. My application already has captcha and two-factor authentication, but how can I avoid a tiny attack without annoying my users? The possible cases that I'm thinking to cover are: Show captcha after…

web-application penetration-test captcha

asked Nov 18 '14 at 07:53

Mohamed Farrag

243
2
8

14

votes

4 answers

I receive spam despite a captcha, has my wordpress blog been hacked?

I have a wordpress blog under my own domain. It does not have special security. For the past 1 week, my blog got spammed by someone from Russia - I think the contents of my blog somehow angered him. He posts about 20 spam comments (only links to…

spam captcha

asked Jul 20 '17 at 15:04

itsme

157
1
3

13

votes

3 answers

AntiForgeryToken versus Captcha

I am having some question regarding captcha and AntiForgeryToken Do I need to use captcha if I am using AntiForgeryToken in an MVC application. Does AntiForgeryToken prevents automated form submission? Can I use AntiForgeryToken as an alternative…

captcha

asked Sep 01 '14 at 07:19

Twix

233
2
6

13

votes

4 answers

Why Do we Need CAPTCHA? In what case we should use it?

In what case we should implement Captcha based security?. How accurate it is and if there exists any alternatives for Captcha based Security.

web-application captcha

asked Dec 28 '12 at 02:51

Joe.wang

283
1
2
6

12

votes

2 answers

Should I use ReCAPTCHA v2 or v3?

I've seen lots of SO posts and other articles on the internet about the differences between Google's ReCAPTCHA v2 and v3, but I'm not sure which one I should use. I'm looking to protect my website's sign up page (React frontend + Node.js backend).…

javascript captcha

asked Jun 20 '19 at 03:21

APixel Visuals

223
1
2
6

Questions tagged [captcha]