Diaspora: No Bot check at the login

Created on 26 Apr 2017 · 3 Comments · Source: diaspora/diaspora

I just noticed that there is no "verify that you are a human" check in the login. Adding one may make sense to prevent brute-force attacks. Maybe there is the possibility to ask for a verification after you enter a wrong password for the third time or something like that.

✨ feature

All 3 comments

A recaptcha would totally suit that.

You would need to be careful with a captcha. Some users may not be able to get past it if they are using Tor, i2p, etc.
Also the captcha would have to be open source and not send statistical information about logins to some third party (for privacy reasons).

If the target here is to avoid brute force attacks, we could simply add a wait time after more than 5 wrong passwords. No need for a captcha at each login.
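
The wait-time idea from the last comment, as an added Ruby example (not diaspora's code and not part of the thread). The class name `LoginThrottle`, the 300-second wait and the in-memory store are assumptions made for illustration.

```ruby
# Added example: per-account login throttle (hypothetical, not diaspora's code).
class LoginThrottle
  MAX_FAILURES = 5     # wrong passwords tolerated before a wait applies
  WAIT_SECONDS = 300   # assumed wait time once the limit is exceeded

  Entry = Struct.new(:failures, :locked_until)

  # The clock is injectable so the behaviour can be checked without sleeping.
  def initialize(clock: -> { Time.now.to_f })
    @clock = clock
    @entries = {}      # account name => Entry (in-memory store, assumption)
  end

  # Seconds the caller must still wait for this account (0 if none).
  def wait_remaining(account)
    entry = @entries[account]
    return 0 unless entry
    [entry.locked_until - @clock.call, 0].max
  end

  # Wraps a password check passed as a block. The block is only called
  # when no wait is active, so guesses sent during the wait are never
  # evaluated. Returns :ok, :wrong_password or :throttled.
  def attempt(account)
    return :throttled if wait_remaining(account) > 0

    if yield
      @entries.delete(account)   # a successful login resets the counter
      :ok
    else
      entry = (@entries[account] ||= Entry.new(0, 0.0))
      entry.failures += 1
      # "More than 5 wrong passwords": the 6th failure starts the wait,
      # and every further failure after the wait expires starts it again.
      if entry.failures > MAX_FAILURES
        entry.locked_until = @clock.call + WAIT_SECONDS
      end
      :wrong_password
    end
  end
end
```

The counter is keyed by account rather than by client address, so users behind shared Tor or i2p exits are not penalised for each other's failures. The trade-off is that anyone who knows an account name can trigger the wait for that account.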
