locked
CAPTCHA for Remote login (Increase Security) RRS feed

  • General discussion

  • The Remote login webpage should have a CAPTCHA field on it to prevent robots from trying to access your secured data.

    For people that do not know what CAPTCHA is, it stands for Completely Automated Public Turing test to tell Computers and Humans Apart

    Here is a Winkipedia article on it with examples: http://en.wikipedia.org/wiki/Captcha

    This is a great way to increase security of your server, and it would not be that hard to incorporate into the existing interface.

    I submitted this idea as a suggestion to Microsoft. Please vote for it if you like the idea.

    https://connect.microsoft.com/WindowsHomeServer/feedback/ViewFeedback.aspx?FeedbackID=272626

     

     

    -

    What are your thoughts on this idea?

    Sunday, April 22, 2007 7:35 PM

All replies

  • I hate those things. If it's added, then for the love of all that is holy, please make it optional.
    Monday, April 23, 2007 9:52 PM
  • I agree, I know it might not go well with some people, but for me, security is everything.

    Monday, April 23, 2007 10:05 PM
  • That test isn't that bad, however it causes issue for those who are colour blind. The picture association test on the other hand, is the worst idea I have ever had to use. Possibly someone may want to implement a CAPTCHA through the WHS SDK, as I don't think I have ever seen MS use a CAPTCHA test for any of their web sites.
    Thursday, April 26, 2007 12:13 AM
  • maybe if I was a bank, or a government agency, but for the most part I think it would be over kill. Make it optional for those that want/need it but make it OFF by default.
    Thursday, April 26, 2007 2:06 AM
  • Did you look at the applications section of the Wikipedia article?  CAPTCHA appears to be commonly used to prevent bots from creating logins or user-ids, I have yet to see them used to increase AFTER the login or user-id has been created.

     

    Not quite applicable to WHS where the login or user-id is not being created over the public internet

    Thursday, April 26, 2007 9:47 PM
  • I disagree. Having CAPTCHA will prevent automated attempts to login under you existing account. Right now there is little protection here. This will prevent the possibility of a brute force attack.

     

    Now, another possibility would be to have it so that after X amount of incorrect passwords you cant login for X amount of time.

    Friday, April 27, 2007 10:17 AM
  • Maybe you should be open minded (fordem) and look into some open source packages.  Many of them provide captcha not on for logins but comments or contact forms as well (spam fighting).

    In addition to captcha one could use random prompt for 2 of your login id / password characters.   This way the robots should be defeated for sure. 

    I don't understand that Microsoft could have omitted such a basic security measure. Haven't the guys learned anything yet?  They created a very nice functionality that all of users love, but so do hackers.   I is going to be a marketing (and legal) nightmare, if somebody looses their financial data due to a WHS break in via the WEB access. For myself, I killed this feature until it is fixed.
    Monday, January 21, 2008 8:03 AM
  • The problem with CAPTCHA's is that they are now being bypassed. What happens, is that a hacker's script who comes across one, redirects the whole captcha to a porn site. The porn site user completes the captcha, (thinking they need to do it for their own access,) but the answer is automatically picked up by the hackers script and used for their own access attempts.

     

    They aren't used anyway, on sites with existing User/Password combinations; a better option would be an 'x from 6' system plus auto lock-out. This could easily be added as a small security add-on to any server, or as a Policy setting.

     

    Colin

    Monday, January 21, 2008 6:31 PM