First of all, my congratulations go to rdearman or emk or both for setting up a captcha system that is not overly intrusive, requires stupid JS bells and whistles, or otherwise manages to keep me out, and that we can also get a chuckle out of : )
I read in some other technical thread why some system proxy thinks that I (read: everyone) exceed some number of login attempts, and so the captcha request is triggered, that's not the question. It is, does the signup subsystem (where captchas totally make sense) let in enough bots and the like that you still need to protect the forum from otherwise legitimate registered users, or am I missing something else?
IOW, why do we need to demonstrate that we are human *every time* after registration? Have real users' login data ever been leaked and used by robots?
Why the captchas to login?
- mrwarper
- Orange Belt
- Posts: 106
- Joined: Sat Jul 18, 2015 4:06 pm
- Languages: A bunch, in various stages
- Language Log: http://how-to-learn-any-language.com/fo ... ?TID=39905
- x 149
- Contact:
- Lianne
- Green Belt
- Posts: 457
- Joined: Mon Jul 20, 2015 3:29 pm
- Location: Canada
- Languages: Speaks: English (N)
Actively studying: French (low int)
Dabbling in: Italian (beginner), ASL (beginner), Ojibwe (beginner), Swahili (beginner)
Wish list: Swedish, Esperanto, Klingon, Brazilian Portuguese
Has also dabbled in: German, Spanish, toki pona - Language Log: https://forum.language-learners.org/vie ... hp?t=12275
- x 1298
- Contact:
Re: Why the captchas to login?
Have you ever forgotten your password and exceeded the number of guesses before? Because I have, and ever since I get the captcha every time. It sucks, particularly since it doesn't give it to me until I've already tried to log in so I actually have to log in twice every time. But I don't remember ever having that happen before, so I just assumed it was because of my past too many login attempts. Either that or this is a relatively recent change.
0 x
: French SC (Books)
: French SC (Films)
: Italian Half SC (Books)
: Italian Half SC (Films)
Pronouns: they/them
: French SC (Films)
: Italian Half SC (Books)
: Italian Half SC (Films)
Pronouns: they/them
- Iversen
- Black Belt - 4th Dan
- Posts: 4782
- Joined: Sun Jul 19, 2015 7:36 pm
- Location: Denmark
- Languages: Monolingual travels in Danish, English, German, Dutch, Swedish, French, Portuguese, Spanish, Catalan, Italian, Romanian and (part time) Esperanto
Ahem, not yet: Norwegian, Afrikaans, Platt, Scots, Russian, Serbian, Bulgarian, Albanian, Greek, Latin, Irish, Indonesian and a few more... - Language Log: viewtopic.php?f=15&t=1027
- x 15020
Re: Why the captchas to login?
I simply enter x and x on the first screen, and then I give the real information the second time (including captcha and remember-me)
4 x
- Le Baron
- Black Belt - 3rd Dan
- Posts: 3578
- Joined: Mon Jan 18, 2021 5:14 pm
- Location: Koude kikkerland
- Languages: English (N), fr, nl, de, eo, Sranantongo,
Maintaining: es, swahili. - Language Log: https://forum.language-learners.org/vie ... 15&t=18796
- x 9564
Re: Why the captchas to login?
mrwarper wrote:IOW, why do we need to demonstrate that we are human *every time* after registration? Have real users' login data ever been leaked and used by robots?
See this thread. Also the total none existence of spam around the forum indicates that the policy is beneficial and probably worth having.
5 x
Pedantry is properly the over-rating of any kind of knowledge we pretend to.
- Jonathan Swift
- Jonathan Swift
- mrwarper
- Orange Belt
- Posts: 106
- Joined: Sat Jul 18, 2015 4:06 pm
- Languages: A bunch, in various stages
- Language Log: http://how-to-learn-any-language.com/fo ... ?TID=39905
- x 149
- Contact:
Re: Why the captchas to login?
I may have, I had to recover my login data from some backup from 2018 IIRC, I wasn't really paying attention and it's not data I use anywhere else so I don't remember whether I made a few unsuccessful attempts to login prior to that.Lianne wrote:Have you ever forgotten your password and exceeded the number of guesses before?
That's where I read about the reverse proxy. I went very quickly through it again, and I could not locate any specific reason for the captchas -- if I missed it, a direct link will be welcome.Le Baron wrote:mrwarper wrote:IOW, why do we need to demonstrate that we are human *every time* after registration? Have real users' login data ever been leaked and used by robots?
See this thread. Also the total none existence of spam around the forum indicates that the policy is beneficial and probably worth having.
Just in case, I'll state clearly that I am not annoyed in the slightest by the captchas as currently implemented, I am just curious. I have formulated a couple of reasonable hypothesis why they could be necessary (login data of real users leaked, and/or robots still signing up successfully) -- it would be nice to know whether I am right or, if I am wrong, what the real reason is. If for whatever reason it must be kept secret I am OK with that too.
As for the 50x errors, it is just too easy to hog a forum server* without even being registered (i.e. with or without login captchas) -- it would be misguided to put them in place to stop that.
*As somebody else mentioned in the thread above, it is part of the standard set of problems you can expect when setting up a forum nowadays: overly aggressive search spiders, random DDOS attacks, and real attacks of many kinds from people who hold a grudge against the forum. Interestingly enough, in my experience the latter should be statistically the least of your concerns, and the easiest to deal with.
0 x
MrWarper while HTLAL is offline.
- Le Baron
- Black Belt - 3rd Dan
- Posts: 3578
- Joined: Mon Jan 18, 2021 5:14 pm
- Location: Koude kikkerland
- Languages: English (N), fr, nl, de, eo, Sranantongo,
Maintaining: es, swahili. - Language Log: https://forum.language-learners.org/vie ... 15&t=18796
- x 9564
Re: Why the captchas to login?
It practically eliminates bot sign-ups and spam. I've seen spam once on here and it vanished rapidly.
1 x
Pedantry is properly the over-rating of any kind of knowledge we pretend to.
- Jonathan Swift
- Jonathan Swift
- mrwarper
- Orange Belt
- Posts: 106
- Joined: Sat Jul 18, 2015 4:06 pm
- Languages: A bunch, in various stages
- Language Log: http://how-to-learn-any-language.com/fo ... ?TID=39905
- x 149
- Contact:
Re: Why the captchas to login?
The operative word being up. You don't want robots to register as forum members, because the only ones that need to do so would be those intended to post spam. So captchas are OK to prevent automated sign up -- if working correctly, they should let in humans only.
Once humans have signed up, they need to sign in every time they want to post (or their session expires, etc.) but being humans no captcha won't stop them ; ) The only reason I can think of why you may want captchas to keep preventing humans from signin in automatically is that you're still unsure whether they're spammers. But isn't that exactly the function of the "remember me" checkbox -- to let registered users sign in without a captcha?
So, either presenting the captchas to registered users every time doesn't make sense, or I am still missing something else.
Once humans have signed up, they need to sign in every time they want to post (or their session expires, etc.) but being humans no captcha won't stop them ; ) The only reason I can think of why you may want captchas to keep preventing humans from signin in automatically is that you're still unsure whether they're spammers. But isn't that exactly the function of the "remember me" checkbox -- to let registered users sign in without a captcha?
So, either presenting the captchas to registered users every time doesn't make sense, or I am still missing something else.
0 x
MrWarper while HTLAL is offline.
- Iversen
- Black Belt - 4th Dan
- Posts: 4782
- Joined: Sun Jul 19, 2015 7:36 pm
- Location: Denmark
- Languages: Monolingual travels in Danish, English, German, Dutch, Swedish, French, Portuguese, Spanish, Catalan, Italian, Romanian and (part time) Esperanto
Ahem, not yet: Norwegian, Afrikaans, Platt, Scots, Russian, Serbian, Bulgarian, Albanian, Greek, Latin, Irish, Indonesian and a few more... - Language Log: viewtopic.php?f=15&t=1027
- x 15020
Re: Why the captchas to login?
I have to solve a captcha every time I log in. The 'remember me' option is not like the one from certain other progams where your ID and password is stored on the machine and then you don't have to write it next time. This 'remember me' just saves you from being logged out all the time during the session - and the only price seems to be that I see my title lines in black instead of blue. I don't even know if that problem has been solved because now I always do the 'remember me' thing.
PS: I have set my browser up to remove cookies and history when I log out so maybe things would work differently if my password actually was stored somewhere on the machine, but I don't like that thought.
PS: I have set my browser up to remove cookies and history when I log out so maybe things would work differently if my password actually was stored somewhere on the machine, but I don't like that thought.
1 x
- mrwarper
- Orange Belt
- Posts: 106
- Joined: Sat Jul 18, 2015 4:06 pm
- Languages: A bunch, in various stages
- Language Log: http://how-to-learn-any-language.com/fo ... ?TID=39905
- x 149
- Contact:
Re: Why the captchas to login?
I would normally say "with good reason", but except for login (when you need to actually send your password), nowadays all subsequent session renewal and such, where some information needs to be sent back and forth between the server and you for validation --normally in the form of cookies-- should be done with a one-way transformation ("hash") of your password instead of it.Iversen wrote:I have set my browser up to remove cookies and history when I log out so maybe things would work differently if my password actually was stored somewhere on the machine, but I don't like that thought.
This means that if you don't store your password somewhere to automatically fill the login form, your password shouldn't be recoverable from cookies, etc. so you shouldn't need to be especially paranoid about that.
Naturally, I still am, so I had to assume what the "remember me" checkbox here actually does (and be wrong about it ; )
0 x
MrWarper while HTLAL is offline.
-
- Black Belt - 1st Dan
- Posts: 1582
- Joined: Mon Jul 20, 2015 12:35 pm
- Location: Scotland
- Languages: Native: English
Advanced: Italian, French
Intermediate: Spanish
Beginner: German, Japanese - Language Log: viewtopic.php?f=15&t=1855
- x 6050
- Contact:
Re: Why the captchas to login?
The captcha requirement is reasonable and understandable. The awful usability around it here (first login attempt being ignored entirely and captcha only being shown afterwards, "Remember me" not being preserved, and the confusing message about maximum login attempts exceeded), not so much.
Edit: I know there are workarounds like entering x for the fields on the first attempt, but a bad user experience with workarounds is still a bad user experience.
Edit: I know there are workarounds like entering x for the fields on the first attempt, but a bad user experience with workarounds is still a bad user experience.
Last edited by garyb on Fri May 06, 2022 10:03 am, edited 1 time in total.
4 x
Return to “Technical Support and Feature Requests”
Who is online
Users browsing this forum: No registered users and 2 guests