March 14, 2021 - 3:32pm
Time to do away with Cap-cha Authentication
This method is sooo annoying. I would be happy to volunteer to make some changes to the authentication method. There are so many different options ... and its not like this site needs banking safety ... lol.
The material here is such a great resource and community and it would be satisfying to help bring the site into the 21st century.
Cheers,
Jos
ps. Keep user logged in :). 2FA ... lots of different ways.
Share
Yes, please. Thanks for the offer. Try messaging @floydm
I'm not going to switch to 2FA -- which seems like "banking safety" level security to me and way more of a PITA than a captcha -- or anything like that anytime soon.
Users stay logged in for 2 weeks, I think.
The captcha is annoying but I make it go away for users after they make a post or two of legit content. I just marked you as such.
The site definitely needs an upgrade, it is running Drupal 7 which hits EOL in the next couple of years. I will certainly look at alternatives to the captcha but I person think it is about the right amount of friction. Most bots are filtered out, most human spammers are slowed down by it, then give up after I block their accounts a few times.
Makes me wanna huck my phone. Have you considered angular material ? I have building on this for the past little while and love it !
If I had the bandwidth for a big new passion project I might, but I'm a full-time* Drupal developer and so probably will stick with it here too. Plus that makes the eventual upgrade that much less disruptive since much of the CMS feels similar.
Regarding authentication, I'd consider adding OAuth so people could use accounts from elsewhere to sign in but, again, I like that there is a bit of friction to slow spammers down. I fear with OAuth there wouldn't be enough and we'd get flooded again.
* Not fully full-time Drupal developer because I do a bit with Angular and Vue.js and React and Craft CMS and WordPress and Django as projects require, but mostly Drupal development.
Thanks Floyd,
I have been a long time member, occasional participant. I've come back to this site recently so I was bumping in to the capcha on every move .... It is no longer annoying now that is it is not there ... thanks!!
Joe
ps. I retired from my day job as an IT PM several years ago, went back to baking school and have been working as such for a few years now ... hence my renewed interest in your site.
It’s not just annoying... it’s an impediment to participation. I post seldom because it’s such a hassle.
currently the site won't allow me to sign in on computer browser: "temporarily blocked" after 5 failed pw attempts. i successfully reset my password and can log in on my phone but desktop still says blocked. and yes i cleared cookies and even pulled up a completely different browser. and yeah, the capchas at every friggin step have just about doubled my frustration.
Capcha always fails and requires multiple screens. I won't say always but darn near almost always. It is completely frustrating. 2FA always works and is easily used. My point in suggesting 2FA was not to move toward bank security, but to implement a more consistent easy to use verification.
I vote for disable capcha and just start banning users who spam ... no second chances ... spam boom gone. In fact, get a few users the appropriate admin levels to help support this site ... I think Floyd's work workload and supporting this site probably stretch him very thin.
I use a VPN and despise Capcha. I have to do it all the time, usually twice.