Captcha on Login

[leonardo2]

EDIT: @leonardo2: That's the kind of attitude that enables companies to implement more and more consumer unfriendly practices because "people get used to it". You are working against yourself and they don't even have to break a sweat.

Try to tell that to every spammer, spam bots, hackers about not to destroy internet for everybody else who doesn't do that kind of crap.

 

If those *bad* people wasn't around then it's likely that Captcha wouldn't even exist in the first place, but internet is what it is and we need to face that whether we like it or not.

Edited June 15, 2018 by leonardo2

[sweevil]

Have to agree with Captcha being a poor validation. It assumes everyone allows Google services et al, by default. Been a subscriber since 2006 and never had any issues with logging in. Run NoScript. The only, ONLY whitelisted site on this device is Nexusmods. And today when I logged in and was rejected, I thought someone had hijacked my account.

 

I understand you are combating tons of bots and are trying to mitigate invalid accounts. But it is replacing two-factor authentication with three and sometimes four-factor authentication via captchas. And as you can see by almost universal comments....no one is liking it. It is / will drive people away if they have to face hurdles and silly picture-click games just to access your content.

[mach1991]

 

EDIT: @leonardo2: That's the kind of attitude that enables companies to implement more and more consumer unfriendly practices because "people get used to it". You are working against yourself and they don't even have to break a sweat.

Try to tell that to every spammer, spam bots, hackers about not to destroy internet for everybody else who doesn't do that kind of crap.

 

If those *bad* people wasn't around then it's likely that Captcha wouldn't even exist in the first place, but internet is what it is and we need to face that whether we like it or not.

 

problem is that this captcha system in perticular is really bad executed. often endless slider after slider and even when correctly used sometimes still failes for some reason and the audio is 0 unterstandable in most cases. if it werent so tedious i would agree with you but this captcha system is a mess and like denuvo system for drm this only/mostly affect these people negatively that werent a problem to start with while faker may get away with it. its like if few are bad punisch all mentality and thats espacially bad because mods are something made by people with passion for people with passion in gaming its about free thinking and creativity and certantly NOT about restrictiveness and policestate like putting all people under general suspicion. so my points still stand to get rid of this abomination of a captcha system thats infesting our hub for mods and enjoyment. its bad enough that the gamingindsutrie these days behaves like this - we really dont need to do it like them and we should show them like cdproject whats really has driven us all whats gaming all about.

[alsoran]

Browser (Firefox) locked down as much as I can. Signing into Nexus mods was never a problem before, but it is now a problem because the captcha bit of the login is missing. When I adjust my preferences and extensions I get the "I am not a robot" bit but it does not respond to a mouse click. The new captcha system wants me to allow cookies, all cookies it seems. The does not appear to be happy with Ad Blockers or script blockers. When a website behaves like this I usually ignore the site and go elsewhere.

 

Blinding policy, after all these years of being really sensible. There has to be another way to achieve the same ends.

 

I'm writing this on an open browser on a VM. Is it possible to use Nexus Mods and secure your browser anymore? If so, has anyone got a writeup I could use? Could I sandbox it? What is the most secure setup to run Nexusmods?

[kn1ghtfall]

 

problem is that this captcha system in perticular is really bad executed. often endless slider after slider and even when correctly used sometimes still failes for some reason and the audio is 0 unterstandable in most cases.

 

Exactly. It fails too often for my taste: slider after slider, carefully checking you've answered correctly, and then it says "try again". Training that stupid AI for free should be Google's job, not mine.

[axonis]

Thanks for your input. I'll leave this open so people can get things off their chest. Feel free to vent.

This isn't about venting. According to this document, reCaptcha "takes a complete snapshot of the userâs browser window at that moment in time will be captured, pixel by pixel".

 

In the case of Nexusmods, the username and password length are included in this snapshot.

 

I understand your reasons for using reCaptcha, but you have to do it in a way that it doesnât login information to Google.

Edited June 20, 2018 by axonis

[SirSalami]

Due to the concerns raised here (and elsewhere), we are going to explore other options. Nothing set-in-stone, but we'd like to try and accommodate everyone if possible.

 

Google Captcha is a daily nuisance and I will stop logging in. It provides no benefit to me and is infuriating. I use 20 char RNG passwords, I don't need this 'protection'. Please find a different solution to whatever problem you are trying to solve.

Just to clarify, this sort of security is needed to ensure that OUR systems are safe from intrusion, in-turn protecting your account information.

[fjm1963]

We've noticed in recent months a lot of malicious bot activity trying to gain access to people's accounts. They've succeeded in some places and stolen a lot of accounts in the process due to user's using the same logins and passwords across multiple sites that have been hacked and leaked online, and then not changing those passwords.

 

Captcha is very effective at keeping most bots (and some humans, unfortunately) out. We think the merits of having it to supplement our security outweight the inconvenience to our users.

 

We've noticed in recent months a lot of malicious bot activity trying to gain access to people's accounts. They've succeeded in some places and stolen a lot of accounts in the process due to user's using the same logins and passwords across multiple sites that have been hacked and leaked online, and then not changing those passwords.

 

Captcha is very effective at keeping most bots (and some humans, unfortunately) out. We think the merits of having it to supplement our security outweight the inconvenience to our users.

I was away for a very long time, and come back and get a request to re validate my log in as of forgetting what it was in the first place, get close to what my log in was and get sent an email as of the request to re validate, then have to go through all the captch crap and then it seems to log me in .. but that it never tells me what or where the problem is with the log in and that when ever I go to do anything it starts all over again as if that I am not logged i when it says that I am.. annoying like hell... will just make a new bogus account.. instead of using the old one that keeps jerking me around.

[varkonasnorse]

Gee Whiz Guys! C'mon already! Ya know security is YOUR problem, not ours. This inconvenience is just gonna drive people away. Don't tell us to "get used to it", because the vast majority of us won't, and will seek alternatives like (God forbid) Steam. Why punish us because because you can't keep the Google bugs out?

[Dark0ne]

Ya know security is YOUR problem, not ours.

 

 

Our site's security and database security is our problem. Your account security is YOUR problem.

 

A lot of the recent security changes we've made are because users are not looking after their user accounts properly online and are not following best security practices. We have to do this BECAUSE of complacent users, not because our own security is inadequate.