Security updates: reCaptcha and Two-factor Authentication

[Xz0mb13killaX]

In response to post #61998967. #62058087, #62075827, #62145702 are all replies on the same post.

TheCaptain19WingNut wrote: "Most of the time, this system will not require any input from the user, but if deemed necessary, you may be presented with a challenge or puzzle that is intended to be easy to solve by us humans but prove difficult for bots." THIS HAPPENS EVERY DAMN TIME I TRY TO LOG IN!! The text is completely unreadable. It takes usually 6+ tries and dozens of reloading the text to get one I can kinda guess the letters of. It is anything but "easy for us humans" and nothing but an annoyance that DOES NOT HELP WITH SECURITY. Just read this: https://www.komando.com/happening-now/355395/captcha-codes-are-more-than-just-annoying-theyre-putting-your-security-at-risk. This is completely useless.

TheCaptain19WingNut wrote: Well it only took 2 dozen time today. WTF!!!!! Its about time nexus had some competition. This used to be a good site but its been getting worse. They dont support NMM anymore and the re-captcha is a damn joke.

Mk15dap3sLVLghnQfIzftlkNU4 wrote: I'll add this here:
"Google's new CAPTCHA security login raises 'legitimate privacy concerns'"
https://www.businessinsider.com.au/google-no-captcha-adtruth-privacy-research-2015-2

Partial summary. Google ReCaptcha doesn't just check if you're human, it identifies you as a specific individual and tracks your travels across the Internet (e.g. including sites with Google captcha logins). When you use their recaptcha, they also place / update a Google cookie to remember where you individually have been / your activities. They use a mix of fingerprinting techniques (anonymity-defeating techniques), including examining all info about your browser, including which browser addons you have installed. In other words, it's Google.

CyniclyPink wrote: Im really looking forward to the reply for this.....

"Google's new CAPTCHA security login raises 'legitimate privacy concerns'"
https://www.businessinsider.com.au/google-no-captcha-adtruth-privacy-research-2015-2

the mere act of casually browsing mods isn't even fun anymore.........

[customtemplar]

This is a step in the right direction, but SMS based 2FA is not very robust as its vulnerable to interception. Hopefully TOTP 2FA can be implemented soon.

[ozzyfan]

I'd prefer a tap/click-to-solve authentication to ones where you have to type out words. More convenient for mobile phone users. Edited August 3, 2018 by ozzyfan

[LadyHonor]

This is so dumb. I usually like the sites upgrades, but this one is nothing but a pain. When I accessed it with my pc all I had to do is click "I am not a robot." When I accessed it with my cellphone I had to do the captcha thing that was nearly impossible to read. I finally had to use the audio thingie to say it for me. If it has to be there it would make much more sense to only have to click the I am not a robot for cell access and do the captcha thing for your pc browser.

[anonymousgammer740]

In response to post #62414077.

LadyHonor wrote: This is so dumb. I usually like the sites upgrades, but this one is nothing but a pain. When I accessed it with my pc all I had to do is click "I am not a robot." When I accessed it with my cellphone I had to do the captcha thing that was nearly impossible to read. I finally had to use the audio thingie to say it for me. If it has to be there it would make much more sense to only have to click the I am not a robot for cell access and do the captcha thing for your pc browser.

yea i don't like it either it is stupid and pointless to have a set up like that . i would never do something like that if i run a website .

[anonymousgammer740]

In response to post #61983402. #61992362, #61993342, #61994292, #61998187, #62004637, #62004807, #62005667, #62051437 are all replies on the same post.

ConnieandMike wrote: I don't mind the capta but when it starts wanting me to click on pictures that have this or that in them... I can't stand that. It just goes on & on sometimes.

Kenrox wrote: Cause you are a robot.
Gotcha!

Dipanjanc33 wrote: And robots don't complain!!!

Moksha8088 wrote: I think one of the first rules of robotics is that the robot is supposed to comply provided you have purchased both the robot enabling microtransaction and a set of the Doom Marine Power Armor.

Black Jack 11 wrote: Give me the pictures over the word reCaptcha i suck at the word reCaptcha

BAPWAS wrote: What if a Synth tries to log in? :D
Jokes aside, ConnieandMike said it right. It just goes on and on most of the times (7-8 pictures sometime).

Pickysaurus wrote: The number of image challenges is based on how convinced Google is that you're not a synth... once you've got passed them though you can stay logged in or it should require less challenges (or none) next time you try to login.

Dubbyk wrote: Lets hope it's more effective then the G.O.A.T. at spotting robots

dubiousintent wrote: "It just goes on & on sometimes." Been there, had that.

This can happen if you do not enable cookies from third-party sites (such as Google) or destroy them too quickly. You definitely need to enable persistent cookies from "*.Nexus.com" to avoid most of the recaptcha annoyance on your personal device.

makes me wounder what they have agents robots . .

[JaxomPern]

In response to post #61978992.

GOLDENTRIANGLES wrote: Looks good.

NO it does not look godd ;(

I have now tried 2 WEEKS daily multiple times to login and recaptcha did not work and fallback did not Trigger!
It is pure Luck it did trigger now! I Start toi really HATE Google recaptcha and Nexusmods gets more and more annoying.

WHY ?! Money issus (Server) or whatever.. And i can't update my hardware or software just for fun to "meet" their expectations money is THERE an issue too ;)

P.S. Please think about people not able to use "modern" browsers. And sometimes "modern browsesr are an annoyance too.

[evelynharthbrooke]

In response to post #61978992. #63448116 is also a reply to the same post.

GOLDENTRIANGLES wrote: Looks good.

JaxomPern wrote: NO it does not look godd ;(

I have now tried 2 WEEKS daily multiple times to login and recaptcha did not work and fallback did not Trigger!
It is pure Luck it did trigger now! I Start toi really HATE Google recaptcha and Nexusmods gets more and more annoying.

WHY ?! Money issus (Server) or whatever.. And i can't update my hardware or software just for fun to "meet" their expectations money is THERE an issue too ;)

P.S. Please think about people not able to use "modern" browsers. And sometimes "modern browsesr are an annoyance too.

They're not going to focus on older hardware or browsers. It's 2018, they're just trying to adapt to newer technology. It's not their fault that your older hardware can't seem to exactly keep up. And it's not money issues, it's security issues. They need to enhance their security otherwise the risks of them getting hacked are higher. Edited September 13, 2018 by KamranMackey

[AzureRaptor]

In response to post #61982862. #61985287, #61989602, #61992117 are all replies on the same post.

Gummiel wrote: Aww no option to use a 2FA app on your phone? Ofc this is better than nothing, and deffinatly a step in the right direction, but 2FA with email only is rather cumbersome to use, compared to an app on your phone

kojak747 wrote: i prefer 2fa email tbh

Gummiel wrote: Well I never said to replace it, but offer it as an option beside it, that said the kind of 2FA that utilize a phone app, is in fact more secure, since with a mail based system there is a mail that could be intercepted with the code needed to get into ones account, where as the app based 2FA dont have any data being send at at all, so they would literally have to hack into your phone first to then get the code

acbatchelor wrote: I agree that there should be an option for 2FA by phone. It doesn't even have to be an app. I've seen it done by text message as well.

I strongly second the motion for an optional TOTP-based 2FA system. It's really not that hard to set up, and considerably more secure than email-based 2fa - nor is it subject to email delays.

[fgy67hjjuytt]

> Many of you have no doubt already noticed the first of these new features when logging in to the website

 

You mean that god awful login Captcha that is hilariously easy to get around by abusing googles own speech to text service?

 

> Most of the time, this system will not require any input from the user

 

Maybe if you're lucky and don't care about privacy, for the rest of us it's a ordeal of disabling various anti-tracking addons, disabling content blocking and enabling javascript

 

> We realize that this may be a bit of an annoyance

 

It's a massive annoyance. In fact it's such an annoyance that I got feed up and now just use jdownload2 and it's niffy little Captcha solver to avoid logging in via a browser

 

> but we feel these systems are necessary to help ensure that our services are not compromised

 

Lol then you're wrong. No other website does this, not to mention that if you actually cared about the risk of compromised you'd set up some sort of proper 2 factor auth instead of this disgrace of a email system. Yea no need to worry about compromise when anyone with access to my email account can read my 2fa codes.

 

There's also the fact that this terrible system doesn't even bother to make the user fill in the code every time, so if my computer is ever compromised your 2fa won't mean s#*!

 

> When enabled, this system serves two purposes. First, it is designed to keep your account secure by ensuring that you, and only you, have access to your account

 

No. It ensures that anyone with access to my computer or my email can access my account. I mean really how hard is it to set up a OTP system?