Hi. I need to configure the default state of user’s login to elevated state, as mentioned here
In other words, I want SS to show a captcha challenge to users since the first login attempt, is that possible?
Thanks in advence for your help.
Best regards!
Why? Do you expect the very first combination of billions tried with a brute force attack is the right one?
Of course not. But, for security reasons, in my workplace they ask us to use both, password and captcha, in all of our systems. I want to convince them to use Survey Solutions instead of develop a system from scratch, but this issue is a must for them.
“Using the captcha” and “show a captcha challenge to users since the first login attempt” are two different things, imho. Make sure you are not confusing the security requirement with 2-factor authentication, which is also a possibility.
Survey Solutions does use CAPTCHA to protect the server from bruteforce attacks on the login form exposed to the internet. Perhaps you misunderstood the comment of your security officer. Let him speak directly to avoid any confusion or confirm that they find the chance of 5 out of 839,299,365,868,340,224 considerably large. (this is just 10 large/small letters and digits, you can certainly have a longer password and use special characters…).
Web surveys use both, password and captcha (immediately from the first try). We have to make some changes in the scheme of implementation, but that’s what we was looking for. Thanks for your time.