Hey
I'd like to request an enhancement for the built-in Joomla Captcha feature. It would be great if I could also enable the captcha for the login forms (Frontend/Backend). This would be a great protection against brute force attacks. I know Joomla has two factor authentication. But not everyone is using two factor authentication. (Me, for example.) A captcha would be a good additional protection, especially for people who don't use two factor authentication.
Maybe it's also a good idea to enable this feature by default. This will offer out of the box protection for people who don't configure two factor authentication. But I also want to have this feature when it's an optional feature that has to be enabled manually.
Google reCAPTCHA cannot be enabled by default, as it requires you to get a key from Google.
The same reasons that you didn't set up 2FA would probably stop you setting up reCAPTCHA.
I still would prefer captcha instead of 2FA. And I think a huge amount of websites don't use 2FA. If you don't believe me, check your telemetry.
Of course you can say: "These people are all idiots and it's their fault." But this won't help anyone. Or you do something! You won't change people's behaviour by repeating the same thing. Mine neither.
I want this feature even if it's an optional one.
If you plan to enable this by default, you could add an additional Captcha plugin that works without Google. (This would be a nice thing anyway.) Or you can continue contributing insecure software and blame the user for it.
Priority | Urgent | ⇒ | Medium |
Status | New | ⇒ | Discussion |
Build | every | ⇒ | staging |
Status | Discussion | ⇒ | Duplicate Report |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2018-02-21 15:47:15 |
Closed_By | ⇒ | franz-wohlkoenig |
Set to "closed" on behalf of @franz-wohlkoenig by The JTracker Application at issues.joomla.org/joomla-cms/19749
Closed as duplicate report.
This project sucks. I'll switch to TYPO3. TYPO3 is at least a CMS for real business needs and not script kiddies.
Blunt opinion, this is an application level fix to a server level issue. If you're relying on Joomla as the application to address DDoS or brute force attacks without making server level adjustments, you're already in trouble. The use of 2FA or Captcha in front of a login form might slow things down but it's not a reliable stopgap measure (especially as the form submission can still be POSTed without all data filled in, then you still have the server spinning CPU cycles just to come back to the login form/page and tell the user the 2FA or Captcha is invalid).
Not saying the request here is invalid, but if you're relying on this as a primary mitigation strategy, it's not very reliable.
There are many extensions available already that you can use for this.
Hello, I really wonder why there is no option to enable the captcha.
I am aware of the "2FA", but many people don't enable it or even the end-users do not understand how to use it. Honestly, I don't like it myself. Probably good for administration and important sites with a higher security demand. It feels too complicated for simple frontend users and clients who maintain a simpler homepage.
The captcha is available for "Frontend Article Submission", "Registration" and even on "Contact Forms". So why is it missing in the login menu item and module!? It makes no sense to me to omit it on the login screens.
Please, would you mind re-opening the issue...
Duplicate of #7454 and #14791 (and TBH I don't see this one going anywhere either).