将验证码放在登录表单上是不道德的吗? [英] Is it immoral to put a captcha on a login form?

问题描述

在最近的项目中，我在登录表单上进行了验证码测试，以阻止可能的暴力攻击.

In a recent project I put a captcha test on a login form, in order to stop possible brute force attacks.

其他同事的立即反应是要求删除它，说这不适合该目的，并且在那个地方看到一个验证码是很奇特的.

The immediate reaction of other coworkers was a request to remove it, saying that it was inapropiate for that purpose, and that it was quite exotic to see a captcha in that place.

我在注册，联系方式，密码恢复表单等上都看到了验证码图像.因此，我个人认为在这样的地方放置验证码也没什么不妥.好吧，它显然会消耗一点点可用性，但这是时间和习惯的问题.

I've seen captcha images on signup, contact, password recovery forms, etc. So I personally don't see inapropiate to put a captcha also on a place like that. Well, it obviously burns down usability a little bit, but it's a matter of time and getting used to it.

由于缺乏验证码测试，人们不得不放置某种黑名单/帐户锁定机制，这也有一些缺点.

With the lack of a captcha test, one would have to put some sort of blacklist / account locking mechanism, which also has some drawbacks.

这对您来说是一个不错的选择吗?我会变得有些人为化，需要某种形式的团体治疗吗?

Is it a good choice for you? Am I getting somewhat captcha-aholic and need some sort of group therapy?

谢谢.

推荐答案

只需为给定用户的登录尝试失败的情况添加CAPTCHA测试.这就是许多网站目前正在做的事情(例如，所有流行的电子邮件服务)并且侵入性小得多.

Just add a CAPTCHA test for cases when there have been failed login attempts for a given user. This is what lots of websites currently do (all popular email services for instance) and is much less invasive.

但是，只要攻击者无法破坏您的验证码，它就完全可以阻止暴力攻击.

Yet it completely thwarts brute force attacks, as long as the attacker cannot break your CAPTCHA.

这篇关于将验证码放在登录表单上是不道德的吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！