
Add CAPTCHAs to user forms

Open Floppy opened this issue 1 year ago • 3 comments

As recommended in #2238:

Consider using CAPTCHAs or other challenge-response mechanisms to prevent automated attacks. This should also be added to other forms such as the password reset and registration forms to prevent abuse, such as flooding users' mailboxes and creating numerous accounts to exhaust system

I don't want to add an inaccessible CAPTCHA system (like easy_captcha used by devise_security) - I want something good and accessible. This needs to be done right!

Floppy, Jun 18 '24 12:06

https://altcha.org/ might be useful here. It can be directly integrated into the app with https://github.com/zonque/altcha-rails, so no third-party API, keys, etc. would be required.

Floppy, Jun 18 '24 12:06

Have you considered a textual question/answer system?

Edit: CAPTCHAs are inherently inaccessible so you want to try and avoid them at all costs.

Jookia, Jun 22 '24 12:06

Yeah, the accessibility issue is a big thing for me - I definitely don't want to end up with a solution that makes that aspect worse. Altcha looks like it might be good on that front because there are no traditional CAPTCHA images, etc. I'll explore.

Floppy, Jun 23 '24 12:06