Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
asgs112754yI selected at least 20 cars and pedestrian walks before making me too frustrated to continue
-
30 second OTPs are completely stupid, Use invisible captcha and only use Visible Captcha when suspicious.
-
@Eklavya You can simulate human behaviour to avoid RECAPTCHA, it's not foolproof, but once it's triggered, bots can't solve it, those APIs might be using click farms which employ real people.
-
@theabbie That depends, if the reCAPTCHA system is only triggered when an anomaly in the user's behaviour then yes, you could get bots to fly under that radar.
But if it's always enabled, then there's a very slim chance of bots getting through it. -
@Berkmann18 There is a setting to set sensitivity of RECAPTCHA, if it's set to high, it will trigger it 90% of times, but, if bot is highly precise and is used on an IP with good history, then, it can avoid it, clicking "I am not a robot" is not a big deal.
-
Re-captcha list - buses, cars, traffic lights, pedestrian walk-way. I think I always get just these.
-
Root797264yDon’t forget to enter both time-restricted codes sent to you via SMS and email. You have 30 seconds before they expire!
Seriously, BinanceUS does this shit. Two short-expiry codes sent like above plus an OTP via e.g. Authy. If I have everything already open and waiting, it is still freaking difficult to do it all fast enough 😠. The last time I logged in, it took me three tries because the email took a little too long to arrive. -
@Root If bots can click boxes with crosswalks and Fire Hydrants, we are already doomed,
Regardless, these bots will be sophisticated, and if someone is providing this as a service, it won't be free, so, RECAPTCHA can keep your website safe from Script kiddies, atleast. -
620hun81884ythe worst thing is when you fill in a page long form, then you fail the stupid recaptcha and the form resets. There’s a special place in hell for people who designed those sites.
-
Using Firefox + ublock origin or pi-hole = hard mode
-> click 132 busses and wait 5 seconds to load a new picture, eventually succeed (maybe)
Using Tor = impossible
-> click 132 pedestrian walks and wait 5 seconds to load a new picture, eventually be told verification failed (please try again if you haven't gone insane) -
@DBX12 Oh, still, there is no need for visible CAPTCHA there, if user has already logged in via CAPTCHA, that's over-engineered
Related Rants
That is peak security:
- Require timebased OTP for login
- Also require recaptcha for login
- Select the frickin bus, palm tree and cross walk 93 times
- Finally manage to please the algorithm
- The 30 second validity window of TOTP expired
*GAAH!*
rant
recaptcha sucks
security
totp