Posted on 05/17/2021 7:11:24 PM PDT by BenLurkin
CAPTCHA, which stands for “Completely Automated Public Turing tests to tell Computers and Humans Apart,” first appeared in 1997 and has proliferated across the Internet, slowly morphing into the “Find the bicycle” challenges that we face today. Cloudflare, who obviously has money riding on anything that makes it easier to sift robot attackers from humans, is proposing a new service that uses hardware keys to confirm your existence.
The most popular model, the Yubikey, is a little dongle that connects to your computer and sends a special code when you touch a conductive surface. In this case, the USB key is literally an object you stick into your machine to unlock certain websites and, because you have to interact with it physically, Cloudflare assumes that you’re a human being with fingers. These keys could also pass minimal identifying information onto the website in question but most key manufacturers claim no data changes hands.
“We want to get rid of CAPTCHAs completely. The idea is rather simple: a real human should be able to touch or look at their device to prove they are human, without revealing their identity,” it wrote in a blog post. “We want you to be able to prove that you are human without revealing which human you are! You may ask if this is even possible? And the answer is: Yes! We’re starting with trusted USB keys that have been around for a while, but increasingly phones and computers come equipped with this ability by default.”
Yubikeys start at $55 and go up to $70 for more complex versions and even open-source versions cost about $40. A high-end iPhone or Android device with enough smarts to manage the tricks Cloudflare is proposing will cost hundreds if not thousands.
(Excerpt) Read more at gizmodo.com ...
What Cloudfare does is blocking without telling you they're blocking you. They offer a puzzle to be solved but which is in fact unsolvable. First of all, sometimes the logic required is complex but there are no instructions, no "rules" provided. There's no way to tell when you gave the right answers and when the wrong answers. You just keep getting an arbitrary (and infuriating) "Please try again." And sometimes there is no right answer. They're just going to keep screwing with you until you get frustrated and go away.
Which was the point all along. It's Denial Of Service posing as a security measure.
Ping
ROFLMAO!
CAPTCHA is a google technology so like everything google, it's already used for tracking.
CAPTCHA 3 doesn't have pictures to click on. I won't run CAPTCHA on my websites because it requires registering the site with google and placing google code in the website's code. I use honey pots, a hidden field that only bots will fill in. I also used the question/answer thing, answer 4 + 5 etc. I still get a few human spammers.
I hate the two factor authorization, especially if it only uses text messages. We don’t even get a cell phone signal where I live unless we go outside and stand in a certain spot with the phone and that only works on good reception days. There’s one website I use that forces two factor auth but they will do it by email. Problem is, it’s only valid for two minutes but it takes longer than that for the email to come in most times.
A lot of websites are denying VPN traffic. Try going to etsy.com while using a VPN and you'll get a blank white screen. Many of them, like google/youtube will make you do two factor auth if you're using a VPN. It's all becoming a pita simply to surf, especially anonymously.
Much as a hate CAPTCHAs nothing that involves a dongle will gain traction in this modern world where half the web browsing is done by phone.
I like traffic lights.
Those who want CAPTCHA gone just need to find away to tie it to racism then POOF! it vanishes.
I love my youbi key.
They lose my business and I move on.
————
Kinda hard to move on when banks or HR portals or software companies use it
Hate the whole dongle thing (or 2FA code generator device banks used to use) f
“So, replace free CAPTCHAs with dongles you have to pay for”
And uniquely identify you. One of my clients uses these.
“These keys could also pass minimal identifying information onto the website in question but most key manufacturers claim no data changes hands.”
This is where I need Jennifer Lawrence doing her “Yea right” thing.
Capital One does that. 2FA if VPN
Credit Karma: no access
Chase does not. (FaceID sometimes doesn’t work when using VPN)
Time tracker app my employer uses does not work with VPN
Internal company portal doesn’t work with VPN
Yeah banks used to issue physical code generators a while back. They sucked.
I’ll rather deal with email or SMS for 2FA
I move on... If my bank will not let me access my account without it I find a new bank that does. One of the reasons I just gave up 10 years worth of consistent Domain ownership because my host implemented 2FA to access my CPanel and would not take it off.
Took me longer to go through the email crap to access my CPanel than how long it would have taken me to go make the quick changes needing done. They secured me right out as a customer. So I moved on. There is such a thing as too much making it very inconvenient for your customers.
If more stuck to their guns and raised hell or moved on this crap would stop. “Why are you leaving?” Because I am sick of your 2FA crap. But instead most bend just over and take it like Sheep. And this is why this country is screwed up and companies are taking advantage of and abusing their customers.
And then there again is the “one size fits all” mentality. Not everyone has 100% connection time with their phone or even computer. But in their mind everyone does, so it should not be a problem. But they are wrong, and it is a problem for some. Not everyone wears the same size shoe.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.