Why the CAPTCHA test is a necessary evil

A quick note about why that CAPTCHA test is now required to log in: On Friday afternoon I noticed that we were getting more failed login attempts than is normal. Rather than it being a simple-yet-unusual coincidence, we deduced that it was an automated script (read: robot) that was trying to gain access.

This method is what's known as a 'brute-force' attack, and I can assure you that its bark is a lot worse than its bite! It's called a 'brute-force' attack because it's widely used and mind-bogglingly inefficient. All it can do is guess at a random combination of usernames and passwords, and when that inevitably fails... it tries again.

We detected it early, set a rule for the website to require each user to set a new password when they next log in (an extra precaution: better safe than sorry), and installed the CAPTCHA test. Seeing as the CAPTCHA test is random every single time for every user, it effectively eliminates any chance that lowly robot ever had in the first place.
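The "more failed login attempts than is normal" signal that tipped us off can be watched for automatically. The script below is an added illustration, not code from this site's web team: it counts failed logins per source address over a short window, flags any address that fails too often (especially against many different accounts, which is the brute-force pattern above), and shows how that flag would switch the login flow into CAPTCHA mode. The log format, timestamps, addresses, usernames and thresholds are all constructed assumptions for the example.

```python
"""Failed-login spike detector over constructed sample log lines.

Added example, not code from the original post. The log line format,
thresholds, IP addresses and usernames below are assumptions for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in an assumed format:
#   <ISO timestamp> <OK|FAIL> user=<name> ip=<addr>
# 203.0.113.7 tries six different accounts in six seconds; 198.51.100.4 is a
# real user who mistypes once and then succeeds.
SAMPLE_LOG = """\
2024-05-10T14:00:01 FAIL user=alice ip=203.0.113.7
2024-05-10T14:00:02 FAIL user=bob ip=203.0.113.7
2024-05-10T14:00:02 OK user=carol ip=198.51.100.4
2024-05-10T14:00:03 FAIL user=dave ip=203.0.113.7
2024-05-10T14:00:04 FAIL user=erin ip=203.0.113.7
2024-05-10T14:00:05 FAIL user=frank ip=203.0.113.7
2024-05-10T14:00:06 FAIL user=grace ip=203.0.113.7
2024-05-10T14:03:00 FAIL user=carol ip=198.51.100.4
2024-05-10T14:03:30 OK user=carol ip=198.51.100.4
"""


def parse_log(text):
    """Yield one dict per non-empty line of the assumed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, result, user_field, ip_field = line.split()
        yield {
            "ts": datetime.fromisoformat(ts),
            "result": result,
            "user": user_field.split("=", 1)[1],
            "ip": ip_field.split("=", 1)[1],
        }


def detect_bruteforce(log_text, window=timedelta(minutes=1), threshold=5):
    """Return {ip: details} for every address whose failed logins inside
    `window` reach `threshold`. Details include how many distinct accounts
    were tried, since one address cycling through many usernames is the
    hallmark of an automated guessing script rather than a forgetful user."""
    recent = defaultdict(deque)  # ip -> deque of (timestamp, username) failures
    alerts = {}
    for event in parse_log(log_text):
        if event["result"] != "FAIL":
            continue
        q = recent[event["ip"]]
        q.append((event["ts"], event["user"]))
        # Drop failures that have aged out of the sliding window.
        while q and event["ts"] - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts[event["ip"]] = {
                "failures_in_window": len(q),
                "distinct_users": len({user for _, user in q}),
                "last_seen": event["ts"],
            }
    return alerts


def login_policy(ip, alerts):
    """Decide what the login form demands from a given address: a flagged
    address must also pass a CAPTCHA, everyone else logs in as usual."""
    return "captcha_required" if ip in alerts else "password_only"


if __name__ == "__main__":
    found = detect_bruteforce(SAMPLE_LOG)
    for ip, info in found.items():
        print(f"{ip}: {info['failures_in_window']} failures, "
              f"{info['distinct_users']} accounts tried, last {info['last_seen']}")
    for ip in ("203.0.113.7", "198.51.100.4"):
        print(ip, "->", login_policy(ip, found))
```

Running it flags only 203.0.113.7 (six failures against six accounts inside a minute) and leaves the genuine user on the normal login path. Real deployments would also key on the username, since a script can spread its guesses across many addresses, and would log the alert for later review rather than only printing it.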

In a week or so when the dust has settled, we'll remove the CAPTCHA test again and let you go back to the simpler process of logging in. I can only apologise for the hassle, but we've got your best interests at heart!

Web Team: 1 ; Bad Guys: 0.
