by onion2k 2261 days ago
But if not, be aware that users will turn their back on you if you add obstacles between them and your service.

You have to balance that against how many users you'd lose if the site was down/vandalized/compromised by an attacker if the captcha protection wasn't there to keep it out.

It's often worthwhile moving the captcha away from the initial login or signup form and only putting it on the second or third attempt to login, or on features that put significant load on the server.

1 comments

> It's often worthwhile moving the captcha away from the initial login or signup form and only putting it on the second or third attempt to login

Though if your service is a lucrative target for {uname,pass} combolist spam, you'll see that each attempt comes from its own IP address and only makes that one request. It's pretty sobering.
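
The two comments above, as an added example that is not part of either post: a captcha gate that counts failures per IP and per account, replayed against a retrying user and against one-request-per-address traffic, with a site-wide failure-ratio trigger added as one possible complement. The class name, thresholds, the global trigger and the sample traffic are assumptions constructed for illustration.

```python
from collections import Counter, deque

class CaptchaGate:
    """Decides whether a login attempt must solve a captcha first."""

    def __init__(self, per_key_limit=2, window=100, max_fail_ratio=0.5):
        self.per_key_limit = per_key_limit    # failures tolerated per IP / per account
        self.max_fail_ratio = max_fail_ratio  # site-wide trigger (assumed threshold)
        self.ip_fails = Counter()
        self.user_fails = Counter()
        self.recent = deque(maxlen=window)    # outcome of the last N attempts, True = failed

    def needs_captcha(self, ip, user):
        """Return the rule that demands a captcha, or None."""
        if self.ip_fails[ip] >= self.per_key_limit:
            return "ip"
        if self.user_fails[user] >= self.per_key_limit:
            return "user"
        full = len(self.recent) == self.recent.maxlen
        if full and sum(self.recent) / len(self.recent) > self.max_fail_ratio:
            return "global"
        return None

    def record(self, ip, user, success):
        self.recent.append(not success)
        if success:
            self.ip_fails.pop(ip, None)
            self.user_fails.pop(user, None)
        else:
            self.ip_fails[ip] += 1
            self.user_fails[user] += 1

def simulate(attempts, gate):
    """Replay (ip, user, success) tuples and count which rule fired per attempt."""
    reasons = Counter()
    for ip, user, success in attempts:
        reasons[gate.needs_captcha(ip, user)] += 1
        gate.record(ip, user, success)  # simplification: challenged attempts still proceed
    return reasons

# Constructed traffic: one user mistyping a password from a single address ...
TYPO = [("198.51.100.7", "alice", False)] * 3 + [("198.51.100.7", "alice", True)]
# ... and 300 failed logins, each from its own address against its own account name.
SPRAY = [(f"10.0.{i // 250}.{i % 250}", f"user{i}", False) for i in range(300)]

if __name__ == "__main__":
    print("typo user:        ", dict(simulate(TYPO, CaptchaGate())))
    print("spray, per-key:   ", dict(simulate(SPRAY, CaptchaGate(max_fail_ratio=1.0))))
    print("spray, + global:  ", dict(simulate(SPRAY, CaptchaGate())))
```

While the site-wide trigger is active it challenges legitimate first attempts too, which is the user-friction trade-off the first comment describes.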