Forum Settings
       
« Previous 1 2
Reply To Thread

CAPTCHA for failed loginsFollow

QuoteReply
#1 Nov 05 2013 at 7:26 AM Rating: Good
__DEL__1621210987875
Sage
**
589 posts
Soon we'll needs passwords for our passwords, passwords...

Square Enix wrote:
11/05/2013 9:54 AM
Introducing CAPTCHA to the Lodestone Login Screen (Nov. 5)
We have reminded players on several occasions to exercise caution in safeguarding their Square Enix accounts against attempts by third parties to gain unauthorized access. In order to further strengthen our players’ account security, we have introduced CAPTCHA to the Lodestone login screen.

Players will now be prompted to enter the randomized alphanumeric characters that appear in the CAPTCHA image in addition to their Square Enix ID and password if they fail a log in attempt on any occasion.

We apologize for any inconvenience this may cause, but we kindly ask for you cooperation in helping us better safeguard your personal information and account information.


http://na.finalfantasyxiv.com/lodestone/news/detail/3335ae6a46403c37488518fc5778271362160f1d
▲ Page top
QuoteReply
#2 Nov 05 2013 at 7:41 AM Rating: Good
__DEL__1680481127345
View User Forum
Sage
******
21,262 posts
This is to prevent RMT from brute forcing passwords for known usernames.
▲ Page top
QuoteReply
#3 Nov 05 2013 at 7:46 AM Rating: Good
__DEL__1621210987875
Sage
**
589 posts
Catwho wrote:
This is to prevent RMT from brute forcing passwords for known usernames.


I get that, and I think it's a good thing. It's just the irony that gets me.... I have a password for my online banking that generates a random code that I have to enter into a calculator (that is password protected itself) that generates a random string (that's time sensitive) that I then have to enter (in conjunction with my previous password) to access my account. I understand the need for it, but it doesn't stop my shaking my head in wonder everytime I do it!
▲ Page top
QuoteReply
#4 Nov 05 2013 at 7:47 AM Rating: Good
__DEL__1607905075968
Scholar
*
129 posts
The plague of captcha continues. I wish they'd just skip to biometrics I'm too lazy to type things. In addition to my laziness I find captchas bloody hard to read sometimes. Depends on the captcha but I can't make heads or tails of some of the ones they use.
▲ Page top
QuoteReply
#5 Nov 05 2013 at 8:03 AM Rating: Excellent
__DEL__1646007430286
Sage
*
197 posts
Furiousnixon wrote:
The plague of captcha continues. I wish they'd just skip to biometrics I'm too lazy to type things. In addition to my laziness I find captchas bloody hard to read sometimes. Depends on the captcha but I can't make heads or tails of some of the ones they use.



I HATE captcha also, I can never read that stupid ****, drives me ******* nutz, I've gotten locked out of websites before for to many log in attempts cause I couldn't figure out WTF the captcha said
▲ Page top
QuoteReply
#6 Nov 05 2013 at 8:14 AM Rating: Excellent
KojiroSoma
Scholar
****
4,511 posts
The brute force thing shouldnt be an issue, should it?

Just give it a 15 minute cooldown after 3 failed attempts, and any kind of brute force'ing is out the window.

I cant believe they're making the login process even more anoying than it already was. Regardless of how much they feel it will "help" us.
____________________________
[XI] Surivere of Valefor
[XIV] Sir Surian Bedivere of Behemoth
http://na.finalfantasyxiv.com/lodestone/character/2401553/
▲ Page top
QuoteReply
#7 Nov 05 2013 at 8:55 AM Rating: Excellent
__DEL__1687133820083
Sage
***
1,422 posts
KojiroSoma wrote:
I cant believe they're making the login process even more anoying than it already was. Regardless of how much they feel it will "help" us.


I can, because it definitely fits in with SE's design philosophy: "Never make anything simple when you can make it long, convoluted, and annoying."
▲ Page top
QuoteReply
#8 Nov 05 2013 at 10:01 AM Rating: Good
__DEL__1619396265628
Sage
*
88 posts
Ya... Gods forbid they try to help you not get your stuff stolen
▲ Page top
QuoteReply
#9 Nov 05 2013 at 10:59 AM Rating: Excellent
__DEL__1638145294571
Guru
***
1,208 posts
God I hate Captcha... it's the most annoying invention ever.
▲ Page top
QuoteReply
#10 Nov 05 2013 at 11:10 AM Rating: Excellent
__DEL__1680481127345
View User Forum
Sage
******
21,262 posts
Some of them aren't so bad. reCaptcha actually did some good in the world, too - it used the power of crowd sourcing via the captchas to decipher previously unknown OCR scanned words. You might have seen some that were sheer WTF and looked like they had ink blots on them. Yeah, those were reCaptchas and they were using you as a guinea pig to determine what the actual word was behind the typo or ink blot.
▲ Page top
QuoteReply
#11 Nov 05 2013 at 11:20 AM Rating: Excellent
__DEL__1607905075968
Scholar
*
129 posts
JeremyPD55 wrote:
Ya... Gods forbid they try to help you not get your stuff stolen


No one really disagrees that not having your stuff stolen is good. The parting of ways comes somewhere between a good intention and a bad implementation.

It's ok though CAPTCHA seems to be the security-du-jour. I personally would have preferred the randomly re-organizing numpad PIN thing that some games use. It's also annoying legible all of the time at least.



Edited, Nov 5th 2013 12:21pm by Furiousnixon
▲ Page top
QuoteReply
#12 Nov 05 2013 at 11:24 AM Rating: Good
Niklz
Sage
**
623 posts
I actually welcome this. It is a minor inconvenience but my g/f has had to change her password three times now due to "suspicious activity". Before long she might get banned. Also talked her into buying a security token but whatever security measures will prevent her account from being suspended or canceled I approve.
▲ Page top
QuoteReply
#13 Nov 05 2013 at 11:32 AM Rating: Good
__DEL__1607905075968
Scholar
*
129 posts
Niklz wrote:
I actually welcome this. It is a minor inconvenience but my g/f has had to change her password three times now due to "suspicious activity". Before long she might get banned. Also talked her into buying a security token but whatever security measures will prevent her account from being suspended or canceled I approve.


You may or may not but do you guys log in from multiple physical locations? If you do that can cause the suspicious activity password change. If not then I'd be concerned lol.
▲ Page top
QuoteReply
#14 Nov 05 2013 at 11:41 AM Rating: Good
Niklz
Sage
**
623 posts
Furiousnixon wrote:
Niklz wrote:
I actually welcome this. It is a minor inconvenience but my g/f has had to change her password three times now due to "suspicious activity". Before long she might get banned. Also talked her into buying a security token but whatever security measures will prevent her account from being suspended or canceled I approve.


You may or may not but do you guys log in from multiple physical locations? If you do that can cause the suspicious activity password change. If not then I'd be concerned lol.


No, she doesn't. She has one PC at home that has XIV installed. She goes a week or two without logging in sometimes, that's it. Still it's from one single location. That's why I'm concerned.
▲ Page top
QuoteReply
#15 Nov 05 2013 at 11:44 AM Rating: Good
Tubrudi
Scholar
**
482 posts
Catwho wrote:
Some of them aren't so bad. reCaptcha actually did some good in the world, too - it used the power of crowd sourcing via the captchas to decipher previously unknown OCR scanned words. You might have seen some that were sheer WTF and looked like they had ink blots on them. Yeah, those were reCaptchas and they were using you as a guinea pig to determine what the actual word was behind the typo or ink blot.


That's the thing that has always made me wonder. If nobody knows what the word is in the first place (including the computer that couldn't decipher it), how does the capcha know if you got it right or not?

Edited, Nov 5th 2013 12:44pm by Tubrudi
____________________________
Kuyo - Hume Male - Pandemonium server (Retired)
75 Monk, 75 Samurai
▲ Page top
QuoteReply
#16 Nov 05 2013 at 11:57 AM Rating: Good
__DEL__1607905075968
Scholar
*
129 posts
Tubrudi wrote:
Catwho wrote:
Some of them aren't so bad. reCaptcha actually did some good in the world, too - it used the power of crowd sourcing via the captchas to decipher previously unknown OCR scanned words. You might have seen some that were sheer WTF and looked like they had ink blots on them. Yeah, those were reCaptchas and they were using you as a guinea pig to determine what the actual word was behind the typo or ink blot.


That's the thing that has always made me wonder. If nobody knows what the word is in the first place (including the computer that couldn't decipher it), how does the capcha know if you got it right or not?

Edited, Nov 5th 2013 12:44pm by Tubrudi


That's quite the deep philosophical inquiry. Should just reply "*****" to every single one of them.

"Experts are baffled as to why the word ***** appears in the recently digitized ancient manuscript at some many locations through out and for seemingly no reason..."
▲ Page top
QuoteReply
#17 Nov 05 2013 at 11:59 AM Rating: Good
__DEL__1680481127345
View User Forum
Sage
******
21,262 posts
Tubrudi wrote:
Catwho wrote:
Some of them aren't so bad. reCaptcha actually did some good in the world, too - it used the power of crowd sourcing via the captchas to decipher previously unknown OCR scanned words. You might have seen some that were sheer WTF and looked like they had ink blots on them. Yeah, those were reCaptchas and they were using you as a guinea pig to determine what the actual word was behind the typo or ink blot.


That's the thing that has always made me wonder. If nobody knows what the word is in the first place (including the computer that couldn't decipher it), how does the capcha know if you got it right or not?


I think the assumption is that if a majority of human beings recognize the word as X, it's probably X.
▲ Page top
QuoteReply
#18 Nov 05 2013 at 2:18 PM Rating: Good
__DEL__1691972196123
Sage
****
5,745 posts
Tubrudi wrote:
Catwho wrote:
Some of them aren't so bad. reCaptcha actually did some good in the world, too - it used the power of crowd sourcing via the captchas to decipher previously unknown OCR scanned words. You might have seen some that were sheer WTF and looked like they had ink blots on them. Yeah, those were reCaptchas and they were using you as a guinea pig to determine what the actual word was behind the typo or ink blot.


That's the thing that has always made me wonder. If nobody knows what the word is in the first place (including the computer that couldn't decipher it), how does the capcha know if you got it right or not?

Edited, Nov 5th 2013 12:44pm by Tubrudi

It probably works like this:
Step 1) captcha generates some string and saves that off somewhere
Step 2) captcha puts it through some image distortion algorithm
Step 3) captcha presents distorted image to user
Step 4) captcha compares the user's submitted string to the one that was generated and saved in Step 1.
▲ Page top
QuoteReply
#19 Nov 05 2013 at 2:24 PM Rating: Excellent
__DEL__1680481127345
View User Forum
Sage
******
21,262 posts
That's how regular Captchas work, but reCaptchas are actual scanned images from books and documents that the OCR software couldn't read.

reCaptchas always have two fields - one is the aforementioned computer generated algorithm, and the other is the thing they're trying to decipher. You only have to get the generated or known one right to get access. The second one is trying to get your best guess.

Here's a more detailed explanation: http://www.google.com/recaptcha/learnmore
▲ Page top
QuoteReply
#20 Nov 05 2013 at 2:49 PM Rating: Excellent
Zorvan
Sage
**
551 posts
Niklz wrote:
Furiousnixon wrote:
Niklz wrote:
I actually welcome this. It is a minor inconvenience but my g/f has had to change her password three times now due to "suspicious activity". Before long she might get banned. Also talked her into buying a security token but whatever security measures will prevent her account from being suspended or canceled I approve.


You may or may not but do you guys log in from multiple physical locations? If you do that can cause the suspicious activity password change. If not then I'd be concerned lol.


No, she doesn't. She has one PC at home that has XIV installed. She goes a week or two without logging in sometimes, that's it. Still it's from one single location. That's why I'm concerned.


If she has a dynamic IP from her ISP ( as most do ), then it's possible FFXIV is seeing her as logging from a "new" location depending on what new IP the ISP has assigned her that day ( or even that logon of that day ). If you're familiar in using router software, set her router to use a specific IP or range of IP's for that PC. That way, regardless of the IP sent from the ISP to the router, the IP from router to PC will always be the same. Should clear up the issue.
____________________________


[ffxivsig]1815523[/ffxivsig]
▲ Page top
QuoteReply
#21 Nov 05 2013 at 3:35 PM Rating: Decent
Pawkeshup
View User Forum
Ken Burton's Reject
*****
12,834 posts
Why not lock your account after three logins and require you to click a link in an email? It's a forum, forum sources you download have this feature.
____________________________
Twitter: http://www.twitter.com/pawkeshup
YouTube: http://www.youtube.com/pawkeshup
Twitch: http://www.twitch.tv/pawkeshup
Blog: http://pawkeshup.blogspot.com
Olorinus the Ludicrous wrote:
The idea of old school is way more interesting than the reality
▲ Page top
QuoteReply
#22 Nov 05 2013 at 3:37 PM Rating: Good
__DEL__1642983411582
Sage
***
2,232 posts
Pawkeshup the Meaningless wrote:
Why not lock your account after three logins and require you to click a link in an email? It's a forum, forum sources you download have this feature.


Thank you for your input. We are looking into the matter. At this time, however, this is {Working as Intended!}



aka... because SE

Edited, Nov 5th 2013 1:38pm by LebargeX
▲ Page top
QuoteReply
#23 Nov 05 2013 at 3:43 PM Rating: Good
Pawkeshup
View User Forum
Ken Burton's Reject
*****
12,834 posts
LebargeX wrote:
Pawkeshup the Meaningless wrote:
Why not lock your account after three logins and require you to click a link in an email? It's a forum, forum sources you download have this feature.


Thank you for your input. We are looking into the matter. At this time, however, this is {Working as Intended!}



aka... because SE
Wrong SE line.

Thank you for your input. However, we currently cannot implement this due to the limitations of the PS3.
____________________________
Twitter: http://www.twitter.com/pawkeshup
YouTube: http://www.youtube.com/pawkeshup
Twitch: http://www.twitch.tv/pawkeshup
Blog: http://pawkeshup.blogspot.com
Olorinus the Ludicrous wrote:
The idea of old school is way more interesting than the reality
▲ Page top
QuoteReply
#24 Nov 05 2013 at 3:58 PM Rating: Good
Niklz
Sage
**
623 posts
Zorvan wrote:
Niklz wrote:
Furiousnixon wrote:
Niklz wrote:
I actually welcome this. It is a minor inconvenience but my g/f has had to change her password three times now due to "suspicious activity". Before long she might get banned. Also talked her into buying a security token but whatever security measures will prevent her account from being suspended or canceled I approve.


You may or may not but do you guys log in from multiple physical locations? If you do that can cause the suspicious activity password change. If not then I'd be concerned lol.


No, she doesn't. She has one PC at home that has XIV installed. She goes a week or two without logging in sometimes, that's it. Still it's from one single location. That's why I'm concerned.


If she has a dynamic IP from her ISP ( as most do ), then it's possible FFXIV is seeing her as logging from a "new" location depending on what new IP the ISP has assigned her that day ( or even that logon of that day ). If you're familiar in using router software, set her router to use a specific IP or range of IP's for that PC. That way, regardless of the IP sent from the ISP to the router, the IP from router to PC will always be the same. Should clear up the issue.


I'll give that a shot and see what happens. thanks.
▲ Page top
QuoteReply
#25 Nov 05 2013 at 3:58 PM Rating: Excellent
__DEL__1642983411582
Sage
***
2,232 posts
Pawkeshup the Meaningless wrote:
LebargeX wrote:
Pawkeshup the Meaningless wrote:
Why not lock your account after three logins and require you to click a link in an email? It's a forum, forum sources you download have this feature.


Thank you for your input. We are looking into the matter. At this time, however, this is {Working as Intended!}



aka... because SE
Wrong SE line.

Thank you for your input. However, we currently cannot implement this due to the limitations of the PS3.

Heeeeeyyyyy now....... *hugs PS3 protectively*

lol
▲ Page top
QuoteReply
#26 Nov 05 2013 at 3:59 PM Rating: Excellent
Callinon
Guru
***
3,737 posts
Pawkeshup the Meaningless wrote:
LebargeX wrote:
Pawkeshup the Meaningless wrote:
Why not lock your account after three logins and require you to click a link in an email? It's a forum, forum sources you download have this feature.


Thank you for your input. We are looking into the matter. At this time, however, this is {Working as Intended!}



aka... because SE
Wrong SE line.

Thank you for your input. However, we currently cannot implement this due to the limitations of the PS3.


We apologize for any inconvenience.
____________________________
svlyons wrote:
If random outcomes aren't acceptable to you, then don't play with random people.
▲ Page top
« Previous 1 2
Reply To Thread

Colors Smileys Quote OriginalQuote Checked Help

 

Recent Visitors: 273 All times are in CST
Anonymous Guests (273)
© 2024 Fanbyte LLC