The captcha is not visible, nor is the checkbox for “I am human”.
Enter username, enter password.
Username and password are blanked, checkbox for captcha is now shown.
Check “I am human”.
Now the fun bit - the Google Captcha.
It is very frustrating to fully and obviously correctly complete a captcha and have it fail, again and again. I think getting the captcha correct is not enough to pass; something else is going on.
The load time for image replacement after selecting an image is something very fast, and sometimes very slow; I think it is deliberately being slowed for suspect users. This makes completing a slow captcha significanty time consuming.
Then then captcha seems to go into “I think you’re false and I’m going to say no, no matter what you do”. You get a series of captchas, along the lines of “click on all squares contain stairs”, which means mousing and clicking about ten or twelve times, and then it fails, and then you get another captcha of the same time, and this simply goes on and on and on.
I rarely try to log in, for obvious reasons. I would say I succeed about one time in five.
This has never been my experience and is almost certainly caused by something in your browser. What browser are you using? What extensions do you have installed? Do you have any network-level adblocking in place?
I get a simple request for my ‘email address’ and password
I use Firefox which stores my login details, in this case my email address and password. This info is encrypted in Firefox and I have to enter a ‘master’ password to allow Firefox to search and find. The request for the master password is only if I close Firefox and have also logged out of of the site before closing.
If I hover over the first input my email address will show
If I click on the email my password is automatically entered
Recaptcha is a major nuisance. Free labor for tech giants, like so much else online.
It also does not like users that are doing anything to protect their privacy online. Using a VPN, in particular, makes it like a 95% chance that I get challenged to ID stuff repeatedly
Framework has made their stance on this very clear many times. ReCaptcha is a necessary industry-standard security measure. Disabling it would subject them to a lot more abuse, and given how much time and effort they already spend fighting abuse, that is not something their team of less than 50 globally, nor the team of 4 volunteer moderators here on the forums (which is also protected by the same ReCaptcha) are prepared to handle.
Issue is caused by higher-than-usual security configurations we’ve set on the browser (e.g. against digital fingerprinting), 3rd party cookies blocking…etc, or VPN. That is, we have a stranger than usual access profile / characteristics…than a normal, less-secure browser of the average human.
I would say this instead: ReCaptcha has been deemed as one of the viable methods for implementing a necessary industry-standard security measure, and subsequently selected by Framework base on various considerations / constraints. i.e. ReCaptcha is NOT necessary. The security measure is. ReCaptcha is a mean to do that.
So what are they so I can modify my Firefox and see the problem.
I have all cookies blocked unless I add an exception, no location, clear cache etc. on closing.
Also, it’s partially dependent on how fast you submit the login form (in combination with the aforementioned factors)…too quick and it’ll prompt you for the ReCapture.
The only setting more stringent in Firefox is to block all cookies. Furthermore I do have NoScript enabled although I’m slightly looser there since I basically trust this site and uBlock Origin is turned completely off. I do get a ReCaptcha prompt when I want to log in but it does not fail over and over. There must be a configuration issue on user end that causes it to break like it does for y’all. I do have decentraleyes enabled as well.
@Second_Coming Does the Firefox panel that allows you to view cookies hiding cookies somehow? Because when I look at installed cookies, the only one I see relevant to this discussion (the others are obviously from other sites I’ve visited) is the one from Framework. 8 cookies actually. So if that’s the case then Google doesn’t even factor into it as it would be blocked by both you and me. Since that would fall under “cross-site cookie”. It seems to me that a VPN is more likely the culprit here since I’m not using one. Even Google-Analytics is blocked via NoScript.
We’re both in the dark as to knowing how Google makes that determination…not going to spend more time on this other than saying that’s the observation from my end.
Google doesn’t factor into this. That’s what I’m saying. Even if Google claimed they were a first-party cookie, Mozilla disagrees. So unless Firefox is lying to me, there are no Google cookies present in my browser, nor are there Google services running in connection with the forum. The problem lies elsewhere. It may be your VPN, it may not be. I don’t know or claim to know but it simply cannot be cookie related.
Alright, I’ll test this theory myself by installing ProtonVPN. Probably the only free VPN I would actually trust.
EDIT: OK, I can’t install ProtonVPN proper but I can enable the browser extension and I don’t have any issues logging in. As usual, I get prompted for ReCaptcha but one pass clears that. Now I have no idea what the configuration issue is. The only thing I can suggest is turning off things and reintroducing them to determine root cause.
The authentication mechanisms in the industry is moving away from password as a factor…(i.e. passwordless is gaining adoption). Something to think about.
Is this going to focus on user login security and or ease.
Seems so easy.
For a high level hack, there’s little of value is there? including my user data.
As far as my activities a password is pretty secure and simply stored.
I don’t want my fingerprint or iris layout, or voice recognition or dna to be my security.
When I’m asked to sign a document manually I write differently so a copy of my signature isn’t a key to anyhting else.
My security info, Date of Birth, mother’s maiden name, favourite colour, pet’s name etc. are all ficticious.
I have one login that asks for my name, DoB and post code, it’s so simple to hack but the business just asks over the phone and gives me access. Real data that can’t be difficult to find, so no real user name here
then remove them once done with.