Joomla-cms: Captchas should be available for Login-Forms

Created on 21 Feb 2018 · 9 Comments · Source: joomla/joomla-cms

Hey

I'd like to request an enhancement for the built-in Joomla Captcha feature. It would be great if I could enable the captcha also for the login forms (Frontend/Backend). This would be a great protection against brute force attacks. I know Joomla has two-factor authentication. But not everyone is using two-factor authentication. (Me for example) A captcha would be a good additional protection, especially for people who don't use two-factor authentication.

Maybe it's also a good idea to enable this feature by default. This will offer an out-of-the-box protection for people who don't configure two-factor authentication. But I also want to have this feature when it's an optional feature that has to be enabled manually.

Most helpful comment

Hello, I really wonder why there is no option to enable the captcha.
I am aware of the "2FA", but many people don't enable it or even the end-users do not understand how to use it. Honestly, I don't like it myself. Probably good for administration and important sites with a higher security demand. It feels too complicated for simple frontend users and clients who maintain a simpler homepage.

The captcha is available for Frontend Article Submission, "Registration" and even on "Contact Forms". So why is it missing in the login menu item and module!? It makes no sense to me to omit it on the login screens.

Please, would you mind to re-open the issue...

All 9 comments

Duplicate of https://github.com/joomla/joomla-cms/issues/7454 and https://github.com/joomla/joomla-cms/issues/14791 (and TBH I don't see this one going anywhere either).

Google reCAPTCHA cannot be enabled by default, as it requires you to get a key from Google.

The same reasons that you didn't set up 2FA would probably stop you setting up reCAPTCHA.

I still would prefer captcha instead of 2FA. And I think a huge amount of websites don't use 2FA. If you don't believe me, check your telemetry.

Of course you can say: "These people are all idiots and it's their fault." But this won't help anyone. Or you do something! You won't change people's behaviour by repeating the same thing. Mine neither.

I want this feature even if it's an optional one.

If you plan to enable this by default you could add an additional Captcha plugin that works without Google. (This would be a nice thing anyway) Or you can continue contributing insecure software and blame the user for it.


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/19749.

Set to "closed" on behalf of @franz-wohlkoenig by The JTracker Application at issues.joomla.org/joomla-cms/19749

closed as duplicate Report.


This project sucks. I'll switch to TYPO3. TYPO3 is at least a CMS for real business needs and not script kiddies.


Blunt opinion, this is an application level fix to a server level issue. If you're relying on Joomla as the application to address DDoS or brute force attacks without making server level adjustments, you're already in trouble. The use of 2FA or Captcha in front of a login form might slow things down but it's not a reliable stopgap measure (especially as the form submission can still be POSTed without all data filled in, then you still have the server spinning CPU cycles just to come back to the login form/page and tell the user the 2FA or Captcha is invalid).

Not saying the request here is invalid, but if you're relying on this as a primary mitigation strategy, it's not very reliable.
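
The point made in the comment above, that a login POST costs the server work even when it is incomplete, as an added example (not part of the thread and not Joomla code): a sliding-window throttle that counts every login POST and refuses over-limit requests before any CAPTCHA or password verification runs. The class and function names, the limits and the sample requests are constructed for illustration.

```python
from collections import defaultdict, deque


class LoginThrottle:
    """Sliding-window attempt counter, consulted before any CAPTCHA or password check."""

    def __init__(self, max_attempts=5, window=300.0):
        self.max_attempts = max_attempts
        self.window = window                 # seconds
        self._hits = defaultdict(deque)      # key -> timestamps of counted attempts

    def allow(self, ip, username, now):
        """Count one attempt; False once the IP or the username is over the limit."""
        keys = [("ip", ip)]
        if username:                         # an empty field must not become a shared key
            keys.append(("user", username.lower()))
        queues = [self._hits[k] for k in keys]
        for q in queues:
            while q and now - q[0] >= self.window:
                q.popleft()                  # drop attempts older than the window
        if any(len(q) >= self.max_attempts for q in queues):
            return False
        for q in queues:
            q.append(now)
        return True


def handle_login(throttle, form, ip, now, verify):
    """Return (status, ran_verify); `verify` stands for the costly CAPTCHA/password work."""
    if not throttle.allow(ip, form.get("username", ""), now):
        return 429, False                    # refused before any expensive work
    if not form.get("password") or not form.get("captcha"):
        return 400, False                    # incomplete POST, but it was still counted
    return (200 if verify(form) else 401), True


def run_demo():
    """Constructed traffic: 8 incomplete POSTs from one IP, then one POST after the window."""
    throttle = LoginThrottle(max_attempts=5, window=300.0)
    calls = []
    verify = lambda form: calls.append(form) or False   # records each costly call, always fails
    statuses = [handle_login(throttle, {"username": "admin"}, "203.0.113.7", t, verify)[0]
                for t in range(8)]
    late = handle_login(throttle, {"username": "admin", "password": "x", "captcha": "y"},
                        "203.0.113.7", 400.0, verify)
    return statuses, late, len(calls)
```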

There are many extensions available already that you can use for this.
