Page MenuHomePhabricator
Create Task
Maniphest T15918

Make CAPTCHA less obtrusive
Closed, ResolvedPublic
Actions

Description

Author: eip

Description:
Currently, if a user enters a wrong password, s/he is required to do a CAPTCHA on the next try, or wait some amount of time. I propose doing it not after one failed attempt, but only after 2 or 3 attempts.

This wouldn't affect security very much, but will make logging on more convenient. Mistyping one's password is a very natural thing, for those who don't memorize their password in their browser.

Besides, I believe this change will greatly decrease the number of captchas processed per day, which can be useful in terms of CPU spent. Also it will improve accessibility to people with poor sight.

Possible downsides:

It will very slightly make guessing passwords easier.

Required changes:

To have a counter instead of a binary flag, which seems simple.

Version: unspecified
Severity: enhancement

Details

Reference
bz13918

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 10:09 PM
bzimport added projects: ConfirmEdit (CAPTCHA extension), Accessibility, good first task.
bzimport set Reference to bz13918.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.May 1 2008, 4:40 PM
demon added a comment.Jul 2 2008, 3:01 PM

$wgCaptchaBadLoginAttempts implemented in r36918. This can be set to allow 1 (or more) bad login attempts before triggering the captcha.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL