PHP
Max Ba, 2016-06-20 14:13:39

Is it possible not to use captcha during authorization and registration?

Hello. I use AJAX authentication on my site. I send data via POST.
But I don't want to use captcha during login, so I did it differently: I set up a simple counter of invalid attempts. If there are 5 of them, the session does not allow any more authorization attempts until the user starts a new one. Does this method have disadvantages, and will it withstand brute force (or whatever it's called) well? I'm asking about the idea in general. I'll say right away that the captcha field after 3 incorrect attempts used to be turned on, but I removed it. I decided it wasn't needed at all. You could allow up to 10 incorrect attempts; that's not the point.

6 answer(s)
Anton B, 2016-06-20
@bigton

I am also against the default captcha.
For login, I attach the counter of unsuccessful attempts to the username (not to the IP + user agent pair). After 5 unsuccessful attempts within 5 minutes I display the captcha.
For registration, the counter can be attached to the IP.

Vitaliy Orlov, 2016-06-20
@orlov0562

Any data tied to the client side (sessions, cookies, etc.) will not protect in any way against password brute force.
The easiest option is to record the IP and the number of unsuccessful attempts; then, if the limit is exceeded, either pause between attempts (try again after 5 minutes) or show the captcha (that is, not immediately, but after 5 unsuccessful attempts).

Dmitry Krymtsev, 2016-06-20
@krimtsev

Well, with authorization it's still okay, but you also mean registration.
There will be a lot of bots without captcha.

Alexander Aksentiev, 2016-06-20
@Sanasol

Deleted session cookie = attempt counter reset?
It doesn't protect at all.

Evgeny Svirsky, 2016-06-20
@e_svirsky

What's the problem with using it?
Put Google captcha where it is enough to click in the box, and that will be enough:
https://www.google.com/recaptcha/intro/index.html
But doing it without captcha is a bad idea from the start :)

Slava Vitrenko, 2016-06-20
@bagiroff777

IP restriction is not always an option. For example, at my house (an apartment building) the whole building is on one (!) IP.
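
The answers above converge on a counter kept on the server and keyed by username (5 failures in 5 minutes, then captcha) with a separate per-IP counter. The following is an added example, not part of any answer in this thread. It assumes PHP 8; the class name, the in-memory array standing in for shared storage, and the looser per-IP limit of 20 are assumptions.

```php
<?php
// Added example: failed-login counter kept on the server, not in the session.
// The array stands in for shared storage (database, Redis, APCu): an assumption.
final class LoginThrottle
{
    private array $failures = [];      // key => failure timestamps
    public function __construct(
        private int $perUser = 5,      // threshold from the answers
        private int $perIp = 20,       // assumed: looser, addresses are shared
        private int $window = 300      // 5 minutes, in seconds
    ) {}
    private function recent(string $key, int $now): array
    {   // keep only failures still inside the sliding window
        return array_values(array_filter(
            $this->failures[$key] ?? [],
            fn (int $t): bool => $t > $now - $this->window
        ));
    }

    private function limits(string $username, string $ip): array
    {   // normalise the name so "Alice" and "alice " share one counter
        return ['user:' . strtolower(trim($username)) => $this->perUser,
                'ip:' . $ip => $this->perIp];
    }

    public function recordFailure(string $username, string $ip, int $now): void
    {
        foreach (array_keys($this->limits($username, $ip)) as $key) {
            $this->failures[$key] = [...$this->recent($key, $now), $now];
        }
    }

    public function captchaRequired(string $username, string $ip, int $now): bool
    {
        foreach ($this->limits($username, $ip) as $key => $limit) {
            if (count($this->recent($key, $now)) >= $limit) return true;
        }
        return false;
    }
}

// Constructed scenario: wrong passwords for one account, each request from a
// fresh session and a different documentation-range IP address.
$throttle = new LoginThrottle();
for ($i = 1, $now = 1466431200; $i <= 6; $i++, $now += 10) {
    $ip = "203.0.113.$i";
    echo "attempt $i from $ip: ", $throttle->captchaRequired('alice', $ip, $now) ? 'captcha' : 'password only', "\n";
    $throttle->recordFailure('alice', $ip, $now);
}
```

Because the key is the submitted username rather than anything the client holds, starting a new session or rotating addresses does not clear the count for that account.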
