Private Access Tokens instead of Captcha

PrimeNumber7

copper member

Activity: 1610

Merit: 1899

Amazon Prime Member #7

Quote from: Charles-Tim on June 28, 2022, 03:35:44 AM

Quote from: DdmrDdmr on June 28, 2022, 04:23:31 AM

Quote from: Charles-Tim on June 28, 2022, 03:35:44 AM

<…>

Actually, the general method to obtain your personal captcha bypass code is through the results shown on this link:
https://bitcointalk.org/captcha_code.php

I think you’ve shared your own personal code in your post. If so, it would be best to reset it:

Quote

If someone else gains access to your unique captcha-bypass link, then they could try to brute-force your password. In that case, you should reset it

(from the above link’s page content)

The link that Charles posted was - https://bitcointalk.org/index.php?action=login;ccode=6f11af59a2b420824fcc

@Charles-Tim - you edited your post, but several people archive forum posts when they are created. if you have not already done so, you need to reset your captcha link; editing your post will not hide your link.

As others have stated, it is already trivial to bypass the captcha requirement after you have logged in a single time. From what I can tell, the subject technology is only available to users with certain devices, so some people would not be able to use this technology if it were implemented on the forum.

SquirrelJulietGarden

hero member

Activity: 1260

Merit: 723

With forum captcha code, you can change it after a few months. The same like you are required to change password of your account on some platforms. The forum does not force you to change and get a new captcha code. It is personal choice but it is not harmful to change yours after a few months.

Without captcha code, you can log in your account but will need more time to enter captcha. Sometimes you succeed, sometimes you fail. It is annoying too but make sure if you use captcha code, you must keep it safe like how you keep your exchange account password, 2-factor authentication activation code safely.

jackg

copper member

Activity: 2856

Merit: 3071

https://bit.ly/387FXHi lightning theory

Yup the token to bypass captcha has been here for a while. I think it was just implemented by recaptcha (because it was part of Google/worked on by Google) and you used to have to dm admins for a link to run bots on the site but now it's automated.

DdmrDdmr

legendary

Activity: 2296

Merit: 10753

There are lies, damned lies and statistics. MTwain

Quote from: Charles-Tim on June 28, 2022, 03:35:44 AM

<…>

Actually, the general method to obtain your personal captcha bypass code is through the results shown on this link:
https://bitcointalk.org/captcha_code.php

I think you’ve shared your own personal code in your post. If so, it would be best to reset it:

Quote

If someone else gains access to your unique captcha-bypass link, then they could try to brute-force your password. In that case, you should reset it

(from the above link’s page content)

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Quote from: PawGo on June 28, 2022, 03:26:54 AM

It is not a big problem on the forum (captcha is for login only, as far as I know), but still interesting feature.

Even I see captcha to be only necessary for registration on this forum. To login, you can bypass it if you use this link to access the login page.

https://bitcointalk.org/captcha_code.php

PawGo

legendary

Activity: 952

Merit: 1367

Hello

As site is using Cloudflare, are you aware of the new feature implemented by Apple (and soon by Google), to "skip" some captcha by "authentication token" from the device?
Some technical details are available here:
https://developer.apple.com/videos/play/wwdc2022/10077/
and here https://www.fastly.com/blog/private-access-tokens-stepping-into-the-privacy-respecting-captcha-less

It is not a big problem on the forum (captcha is for login only, as far as I know), but still interesting feature.

Topic: Private Access Tokens instead of Captcha (Read 122 times)