Captcha on Login

[Dark0ne]

Captchas are worthless, I would rather have real two-factor authentication.

 

 

That's coming too.

 

Captcha's certainly aren't worthless.

[7thNighthawk]

Just the kind of cancer we needed on this site.

 

EDIT: That new captcha never works on first try, as stated above. The old captchas could be annoying at times but this one is an absolute nightmare. It's a pure waste of time and feeds that monstrosity of an enterprise named Google with even more information.

Edited June 12, 2018 by 7thNighthawk

[pwhgn]

i have literally never encountered a recaptcha_v2 where a click would have sufficed. i have to loop through at least three slideshows each captcha i have encountered. having a static ip address is certainly not helping either. guess google doesn't like me.

 

anyone got a hint how to skip those faster? i.e. a custom browser user agent string or the like? not erasing cookies after closing the browser is not a viable solution for me.

 

I think there isn't an easy solution, because Google "NoCaptcha" is mostly based on tracking and fingerprinting on 3rd party sites... you had to turn off all privacy addons and let google track you on some random sites with Google Analytics to get rid of the "extra challenges" :(

 

https://threatpost.com/googles-recaptcha-cracked-again/128690/ has some more Information, the bypass itself isn't the interesting part (its fixed, and the new one is based on audio variant also), but the 2 papers linked in the article describe how a part of it works...

 

"In particular, Silvakorn et al. found that Google's tracking

cookies play an integral role in the captcha's defenses.

The captcha system is made aware of every time a user

interacts with a Google service (or a page with Google's

tracking cookies, such as Google analytics). After just 9

days of automated browsing across different Google ser-

vices, their bots' tracking cookie was sufficient to fool

the risk analysis system into thinking they were human,

and checking off the box."

 

In addition there is Canvas-Fingerprinting to associate the sessions and testing for some Javascript APIs and Objects (some Privacy related Addons alter or block some of them).

 

If i wouldn't know better i would say that isn't a captcha system against bots, but against a much more hostile enemy for google: privacy control! But that can't be true, because Google is a philanthropic company offering services like captchas and analytics for free, just to help humanity! Isn't that a nice thing? :)

 

@staff

No serious, it would be very kind if you could consider using one of the other working captcha system out there, why it had to be the most annoying one? :( Clicking a circle or fill in 2 words (or fill in 20 words) is nothing comparing to THAT...

[7thNighthawk]

Just had to go through hell and back because Google think it's funny to issue super small images with lots of film grain where the "car" is potentially anything. The sound challenges are disgusting as well. Please get rid of this abomination; I don't want to spend five minutes just trying to get in every time.

[kamikatze13]

[kamikatze13]

 

I think there isn't an easy solution[...]

 

yeah done my fair share of research as well - found it quite nice how researchers fooled the captcha with google's own audio recognition api. for me, the moment i press the `audio challenge` button i get instantly ip banned for a few hours. figures.

 

what i did gather, though, that i can somehow prevent new squares from appearing when i use my mobile internet. it's inconsistent, though, so no idea whether it's a user agent check or some kind of a speed test in the background triggering this behaviour.

[Rhoops]

Dear Robin

 

Your comment:

 

"Captcha is very effective at keeping most bots (and some humans, unfortunately) out. We think the merits of having it to supplement our security outweight the inconvenience to our users."

 

 

 

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

outweight the inconvenience to our users

 

 

That my capcha.

 

F**king annoying isn't it.

 

I haven't been on Nexus for a month or so, returned to get Falllout 3 mods to try replaying that. But go through captcha crap every time now?

NO CHANCE

Its not that they are just annoying, they are facile and indicative of a poor approach to security.

I use a VPN for virtually everything, thanks to Google intrusiveness, (oh and its not a generic captcha , you are using Google Captcha- Yay for Mr Corporate) and the captchas simply fail to work when the VPN is turned on.

So- boils down to a fundamantal choice: VPN or Nexus?

Seriously?

My privacy and VPN win every time without question.

 

"outweight the inconvenience to our users"

 

No... you are being complacent and in this instance- totally wrong.

 

You all gone corporate shiny suit sweetie. That's a real turn off in itself.

 

So, sign out...

VPN... ON.

Can't get into Nexus...

...delete taskbar shortcut to website...

Oh well

It was good while it lasted.

 

Edit: WTF.. can't even get out of this Forum without Google being told about it...

 

 

You are taking the piss...

Edited June 13, 2018 by Rhoops

[Dark0ne]

Thanks for your input. I'll leave this open so people can get things off their chest. Feel free to vent.

[Traumtaenzer]

In my opinion changes to the login procedure should be announced on the site news. That would be user- friendly.

 

The new login procedure is working on a Windows 7 PC, Opera Browser after one captcha fine (tested at work). First try = success.

 

At home I use a gaming PC with Windows 10 Pro, Opera Browser (default configuration after installaion). I have to go through three captcha sessions most times . Sometimes it is not suceessful, I am told "false username or password". That is happening too if I use the option "forgot my password". I do not know the reason for this but I don't like needing up to 10 minutes for trying a login. Perhaps You shoud provide a user manual for login with configuration settings for the most browsers ;-)

[kamikatze13]

Thanks for your input. I'll leave this open so people can get things off their chest. Feel free to vent.

 

with all due respect - we don't need `a place to vent` but a solution to a usability problem