Is recaptcha required on the login page?

J

jazzus2020-01-10 23:15:45

reCAPTCHA

jazzus, 2020-01-10 23:15:45

Invisible recaptcha 2 installed on the registration page. Because there is only one form (a common js component with ajax sending), then the captcha works on the login page. Does it make sense to leave the captcha there? It already has: request limit per minute, hidden field, scrf token and request validation. Those. what is advised on google. Do you need another captcha or is there no point and it will only be an unnecessary annoyance for the user? The captcha is hidden, but sometimes pictures appear, select a bridge, etc.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

D

Dimonchik, 2020-01-11
@jazzus

not needed until the moment
I monitor competitors: when, sometimes, they start to brute us (we put a captcha on the Nth attempt + there is packet analysis), I see a competitor - a captcha appeared on the login - the moment has come
so - evaluate yourself which is more convenient, sometimes it makes no sense - the same confirmation of the mail is cut off

A

Anton Neverov, 2020-01-11
@TTATPuOT

If someone falls to bypass the captcha, he will bypass, do not hesitate. Make better service good.
The question should be about how many bots visit you. If the numbers are for 30-50% of the total audience, then, of course, the basic way of protection will be installing recaptcha. But this is not a guarantee.