Damn your Captchas! Your servers are insecure!

[Deleted4487881User]

I have/had 2 accounts on nexus forums due to me playing World of Warcraft a couple of years ago.

 

I am using strict security measured. Careful use of password managers, rescricted rights on my PC, not doing weird downloads, not using MS Outlook. Among other things.

 

MY OTHER accounts have not been hacked.

 

BUT data of BOTH of my accounts on NEXUSMODS was found in data collections, as told by a data privacy institute. (Hasso Plattner Institute, Potsdam, Germany)

 

I entered your website to delete both accounts. Wich is the only reasonable thing you can do in such a case.

 

I had not logged in in quite a while.

So a thousand captchas awaited me. Including password recovery-emails.

 

GUYS: IF YOUR SERVERS ARE NOT SAFE: A THOUSAND CAPTCHAS DO NOT MAKE YOUR WEBSITE SAFER!!!

 

Your users data will still be stolen.

 

But CAPTCHAS are so comforting: Just order captchas from google with the highest security setting and your website will be safer. Wrong. It will be just more unusable!

 

Make your servers safe! And pull back the Google-captchas PLEASE!

 

Best wishes!

 

PS: Doing all those captchas for 10 minutes was REALLY disturbing. Just to send myself password recovery emails in the end just to solve Captchas JUST AGAIN.

Goddammit! Magic word: SERVER SECURITY!

 

Yes, those are traffic lights. Yes, this it a hydrant. Yes, those are buses!

Edited January 27, 2019 by Guest

[TheGreatFalro]

The only data breach on the Nexus was from a single incident in 2013, which all members were alerted to.

 

BTW, having multiple accounts is and has always been against the rules.

[Arthmoor]

Also captchas are not in place to prevent data breaches. They're there to stop the tsunami of spambots who register accounts from getting in, or at least to blunt that to a small wave.

[Ethreon]

Capchas were never meant to be security measures, so what you on about ?

[Avistarion]

i came here to complain or see if i could get the captchas on my account to stop... obvi this guy is gone as well, i too however am annoyed with the captcha thing,,, im def not a bot ... a paid prem member,,, and i download alot simply because of how many mods are getting removed or are now set to hidden, for what ever reasons, exp... the mxr fiascal.. this still does not make me a bot nor a sec risk... having to click these things every time i log in is getting old, and it wasnt always every single time before, but now it is.... doesnt seem right... how do i stop it from happening... and on a side note Art, love your mod work, Legendary....

[Arthmoor]

If you want to avoid having to log in so much and deal with the captchas all the time, let Nexus set cookies. Then you won't need to log in until that expires. And yes, it may or may not help to also be logged into a Google account and let it set cookies too.

[leonardo2]

A while back I had to do the capatcha thing, but not anymore since I frequently login here and doing that makes me *immune* to Google's reCapatcha.

[SyntaxError]

I rarely use my account here, but I just got an email stating that someone tried to password recover my account. It sure wasn't me. I use KeePass for all my online accounts, and I make extensive use of it's built-in password generator, so no simple passwords for me. I get the captchas every time I log in, but it hasn't been a problem.

 

Not sure what's going on, but there's definitely some sort of penetration testing against Nexus happening. I could care less if my account here did get breached, since there's no information in my profile for that very reason.

 

FYI to the OP: captchas have nothing to do with security. They simply stop bots from logging in as an anti-spam measure. Makes the job of the mods a bit easier and keeps the forum and mods site comments from getting cluttered with crap.