03. Problems - Brute Force Attacks
Simple Problems with Passwords
Brute Force Attacks
ND004 C03 L03 A08.0 Serialization V2
An Alternative to Rate-Limiting: CAPTCHAs
Sometimes, rate-limiting or rejecting multiple requests is not the solution. One unintended consequence, for example, would be locking a legitimate user's account because it is under attack. An alternative is something known as a CAPTCHA or " c ompletely a utomated p ublic T uring test to tell c omputers and h umans apart". A CAPTCHA is designed to be easy for a human but difficult for a machine. In this instance, a connection is flat out rejected if a "bot" or script is attempting to gain access through multiple attempts.
Until recently this was most commonly performed by asking a user to type some form of difficult to read text into an input. But, this problem is adversarial, and with advances in computer vision, these were defeated by scripts. One modern implementation of this system that can be added to your site is Google reCAPTCHA . This API produces a score from 0 to 1 of how likely the visitor is a bot based interactions with your site.