Forum Settings
       
Reply To Thread

CAPTCHA for failed loginsFollow

#1 Nov 05 2013 at 7:26 AM Rating: Good
**
589 posts
Soon we'll needs passwords for our passwords, passwords...

Square Enix wrote:
11/05/2013 9:54 AM
Introducing CAPTCHA to the Lodestone Login Screen (Nov. 5)
We have reminded players on several occasions to exercise caution in safeguarding their Square Enix accounts against attempts by third parties to gain unauthorized access. In order to further strengthen our players’ account security, we have introduced CAPTCHA to the Lodestone login screen.

Players will now be prompted to enter the randomized alphanumeric characters that appear in the CAPTCHA image in addition to their Square Enix ID and password if they fail a log in attempt on any occasion.

We apologize for any inconvenience this may cause, but we kindly ask for you cooperation in helping us better safeguard your personal information and account information.


http://na.finalfantasyxiv.com/lodestone/news/detail/3335ae6a46403c37488518fc5778271362160f1d
____________________________
Solomon Grundy | Born on a Monday | Excalibur Server | Abyss: Welcome to a Higher Quality of Nerding™
#2 Nov 05 2013 at 7:41 AM Rating: Good
Needs More Smut
******
21,262 posts
This is to prevent RMT from brute forcing passwords for known usernames.
____________________________
FFXI: Catwho on Bismarck: Retired December 2014
Thayos wrote:
I can't understand anyone who skips the cutscenes of a Final Fantasy game. That's like going to Texas and not getting barbecue.

FFXIV: Katarh Mest and Taprara Rara on Lamia Server - Member of The Swarm
Curator of the XIV Wallpapers Tumblr and the XIV Fashion Tumblr
#3 Nov 05 2013 at 7:46 AM Rating: Good
**
589 posts
Catwho wrote:
This is to prevent RMT from brute forcing passwords for known usernames.


I get that, and I think it's a good thing. It's just the irony that gets me.... I have a password for my online banking that generates a random code that I have to enter into a calculator (that is password protected itself) that generates a random string (that's time sensitive) that I then have to enter (in conjunction with my previous password) to access my account. I understand the need for it, but it doesn't stop my shaking my head in wonder everytime I do it!
____________________________
Solomon Grundy | Born on a Monday | Excalibur Server | Abyss: Welcome to a Higher Quality of Nerding™
#4 Nov 05 2013 at 7:47 AM Rating: Good
*
129 posts
The plague of captcha continues. I wish they'd just skip to biometrics I'm too lazy to type things. In addition to my laziness I find captchas bloody hard to read sometimes. Depends on the captcha but I can't make heads or tails of some of the ones they use.
____________________________
- The artist usually known as Angrynixon
#5 Nov 05 2013 at 8:03 AM Rating: Excellent
*
197 posts
Furiousnixon wrote:
The plague of captcha continues. I wish they'd just skip to biometrics I'm too lazy to type things. In addition to my laziness I find captchas bloody hard to read sometimes. Depends on the captcha but I can't make heads or tails of some of the ones they use.



I HATE captcha also, I can never read that stupid ****, drives me ******* nutz, I've gotten locked out of websites before for to many log in attempts cause I couldn't figure out WTF the captcha said
____________________________
Character Name: Jeskradha Duskmantle
Free Company - The Kraken Club <ZAM>
Server: Ultros
#6 Nov 05 2013 at 8:14 AM Rating: Excellent
Scholar
****
4,506 posts
The brute force thing shouldnt be an issue, should it?

Just give it a 15 minute cooldown after 3 failed attempts, and any kind of brute force'ing is out the window.

I cant believe they're making the login process even more anoying than it already was. Regardless of how much they feel it will "help" us.
____________________________
[XI] Surivere of Valefor
[XIV] Sir Surian Bedivere of Behemoth
http://na.finalfantasyxiv.com/lodestone/character/2401553/
#7 Nov 05 2013 at 8:55 AM Rating: Excellent
***
1,422 posts
KojiroSoma wrote:
I cant believe they're making the login process even more anoying than it already was. Regardless of how much they feel it will "help" us.


I can, because it definitely fits in with SE's design philosophy: "Never make anything simple when you can make it long, convoluted, and annoying."
____________________________
FFXIV: Raji Skybrand (Leviathan)
Give a man a fish, he'll be fed for a day. Teach a man to fish, and he'll scream "F*** off noob, I know what I'm doing!" and continue to do it wrong.
#8 Nov 05 2013 at 10:01 AM Rating: Good
Avatar
*
88 posts
Ya... Gods forbid they try to help you not get your stuff stolen
____________________________
Freaky Deaky Excalibur
#9 Nov 05 2013 at 10:59 AM Rating: Excellent
Avatar
***
1,208 posts
God I hate Captcha... it's the most annoying invention ever.
____________________________
The Kraken Club - (Ultros FC)
Character Name: Meat Mithkabob
#10 Nov 05 2013 at 11:10 AM Rating: Excellent
Needs More Smut
******
21,262 posts
Some of them aren't so bad. reCaptcha actually did some good in the world, too - it used the power of crowd sourcing via the captchas to decipher previously unknown OCR scanned words. You might have seen some that were sheer WTF and looked like they had ink blots on them. Yeah, those were reCaptchas and they were using you as a guinea pig to determine what the actual word was behind the typo or ink blot.
____________________________
FFXI: Catwho on Bismarck: Retired December 2014
Thayos wrote:
I can't understand anyone who skips the cutscenes of a Final Fantasy game. That's like going to Texas and not getting barbecue.

FFXIV: Katarh Mest and Taprara Rara on Lamia Server - Member of The Swarm
Curator of the XIV Wallpapers Tumblr and the XIV Fashion Tumblr
#11 Nov 05 2013 at 11:20 AM Rating: Excellent
*
129 posts
JeremyPD55 wrote:
Ya... Gods forbid they try to help you not get your stuff stolen


No one really disagrees that not having your stuff stolen is good. The parting of ways comes somewhere between a good intention and a bad implementation.

It's ok though CAPTCHA seems to be the security-du-jour. I personally would have preferred the randomly re-organizing numpad PIN thing that some games use. It's also annoying legible all of the time at least.



Edited, Nov 5th 2013 12:21pm by Furiousnixon
____________________________
- The artist usually known as Angrynixon
#12 Nov 05 2013 at 11:24 AM Rating: Good
Sage
**
623 posts
I actually welcome this. It is a minor inconvenience but my g/f has had to change her password three times now due to "suspicious activity". Before long she might get banned. Also talked her into buying a security token but whatever security measures will prevent her account from being suspended or canceled I approve.
#13 Nov 05 2013 at 11:32 AM Rating: Good
*
129 posts
Niklz wrote:
I actually welcome this. It is a minor inconvenience but my g/f has had to change her password three times now due to "suspicious activity". Before long she might get banned. Also talked her into buying a security token but whatever security measures will prevent her account from being suspended or canceled I approve.


You may or may not but do you guys log in from multiple physical locations? If you do that can cause the suspicious activity password change. If not then I'd be concerned lol.
____________________________
- The artist usually known as Angrynixon
#14 Nov 05 2013 at 11:41 AM Rating: Good
Sage
**
623 posts
Furiousnixon wrote:
Niklz wrote:
I actually welcome this. It is a minor inconvenience but my g/f has had to change her password three times now due to "suspicious activity". Before long she might get banned. Also talked her into buying a security token but whatever security measures will prevent her account from being suspended or canceled I approve.


You may or may not but do you guys log in from multiple physical locations? If you do that can cause the suspicious activity password change. If not then I'd be concerned lol.


No, she doesn't. She has one PC at home that has XIV installed. She goes a week or two without logging in sometimes, that's it. Still it's from one single location. That's why I'm concerned.
#15 Nov 05 2013 at 11:44 AM Rating: Good
Scholar
**
482 posts
Catwho wrote:
Some of them aren't so bad. reCaptcha actually did some good in the world, too - it used the power of crowd sourcing via the captchas to decipher previously unknown OCR scanned words. You might have seen some that were sheer WTF and looked like they had ink blots on them. Yeah, those were reCaptchas and they were using you as a guinea pig to determine what the actual word was behind the typo or ink blot.


That's the thing that has always made me wonder. If nobody knows what the word is in the first place (including the computer that couldn't decipher it), how does the capcha know if you got it right or not?

Edited, Nov 5th 2013 12:44pm by Tubrudi
____________________________
Kuyo - Hume Male - Pandemonium server (Retired)
75 Monk, 75 Samurai
#16 Nov 05 2013 at 11:57 AM Rating: Good
*
129 posts
Tubrudi wrote:
Catwho wrote:
Some of them aren't so bad. reCaptcha actually did some good in the world, too - it used the power of crowd sourcing via the captchas to decipher previously unknown OCR scanned words. You might have seen some that were sheer WTF and looked like they had ink blots on them. Yeah, those were reCaptchas and they were using you as a guinea pig to determine what the actual word was behind the typo or ink blot.


That's the thing that has always made me wonder. If nobody knows what the word is in the first place (including the computer that couldn't decipher it), how does the capcha know if you got it right or not?

Edited, Nov 5th 2013 12:44pm by Tubrudi


That's quite the deep philosophical inquiry. Should just reply "*****" to every single one of them.

"Experts are baffled as to why the word ***** appears in the recently digitized ancient manuscript at some many locations through out and for seemingly no reason..."
____________________________
- The artist usually known as Angrynixon
#17 Nov 05 2013 at 11:59 AM Rating: Good
Needs More Smut
******
21,262 posts
Tubrudi wrote:
Catwho wrote:
Some of them aren't so bad. reCaptcha actually did some good in the world, too - it used the power of crowd sourcing via the captchas to decipher previously unknown OCR scanned words. You might have seen some that were sheer WTF and looked like they had ink blots on them. Yeah, those were reCaptchas and they were using you as a guinea pig to determine what the actual word was behind the typo or ink blot.


That's the thing that has always made me wonder. If nobody knows what the word is in the first place (including the computer that couldn't decipher it), how does the capcha know if you got it right or not?


I think the assumption is that if a majority of human beings recognize the word as X, it's probably X.
____________________________
FFXI: Catwho on Bismarck: Retired December 2014
Thayos wrote:
I can't understand anyone who skips the cutscenes of a Final Fantasy game. That's like going to Texas and not getting barbecue.

FFXIV: Katarh Mest and Taprara Rara on Lamia Server - Member of The Swarm
Curator of the XIV Wallpapers Tumblr and the XIV Fashion Tumblr
#18 Nov 05 2013 at 2:18 PM Rating: Good
****
5,745 posts
Tubrudi wrote:
Catwho wrote:
Some of them aren't so bad. reCaptcha actually did some good in the world, too - it used the power of crowd sourcing via the captchas to decipher previously unknown OCR scanned words. You might have seen some that were sheer WTF and looked like they had ink blots on them. Yeah, those were reCaptchas and they were using you as a guinea pig to determine what the actual word was behind the typo or ink blot.


That's the thing that has always made me wonder. If nobody knows what the word is in the first place (including the computer that couldn't decipher it), how does the capcha know if you got it right or not?

Edited, Nov 5th 2013 12:44pm by Tubrudi

It probably works like this:
Step 1) captcha generates some string and saves that off somewhere
Step 2) captcha puts it through some image distortion algorithm
Step 3) captcha presents distorted image to user
Step 4) captcha compares the user's submitted string to the one that was generated and saved in Step 1.
____________________________
Lyonheart, like Eorzia, will be reborn in FFXIV!

FFXI veteran (Lyonheart and Lakiskline of Lakshmi)
1/467 on signed HQ Weskit!!!
#19 Nov 05 2013 at 2:24 PM Rating: Excellent
Needs More Smut
******
21,262 posts
That's how regular Captchas work, but reCaptchas are actual scanned images from books and documents that the OCR software couldn't read.

reCaptchas always have two fields - one is the aforementioned computer generated algorithm, and the other is the thing they're trying to decipher. You only have to get the generated or known one right to get access. The second one is trying to get your best guess.

Here's a more detailed explanation: http://www.google.com/recaptcha/learnmore
____________________________
FFXI: Catwho on Bismarck: Retired December 2014
Thayos wrote:
I can't understand anyone who skips the cutscenes of a Final Fantasy game. That's like going to Texas and not getting barbecue.

FFXIV: Katarh Mest and Taprara Rara on Lamia Server - Member of The Swarm
Curator of the XIV Wallpapers Tumblr and the XIV Fashion Tumblr
#20 Nov 05 2013 at 2:49 PM Rating: Excellent
Sage
**
551 posts
Niklz wrote:
Furiousnixon wrote:
Niklz wrote:
I actually welcome this. It is a minor inconvenience but my g/f has had to change her password three times now due to "suspicious activity". Before long she might get banned. Also talked her into buying a security token but whatever security measures will prevent her account from being suspended or canceled I approve.


You may or may not but do you guys log in from multiple physical locations? If you do that can cause the suspicious activity password change. If not then I'd be concerned lol.


No, she doesn't. She has one PC at home that has XIV installed. She goes a week or two without logging in sometimes, that's it. Still it's from one single location. That's why I'm concerned.


If she has a dynamic IP from her ISP ( as most do ), then it's possible FFXIV is seeing her as logging from a "new" location depending on what new IP the ISP has assigned her that day ( or even that logon of that day ). If you're familiar in using router software, set her router to use a specific IP or range of IP's for that PC. That way, regardless of the IP sent from the ISP to the router, the IP from router to PC will always be the same. Should clear up the issue.
____________________________



#21 Nov 05 2013 at 3:35 PM Rating: Decent
*****
12,824 posts
Why not lock your account after three logins and require you to click a link in an email? It's a forum, forum sources you download have this feature.
____________________________
Twitter: http://www.twitter.com/pawkeshup
YouTube: http://www.youtube.com/pawkeshup
Twitch: http://www.twitch.tv/pawkeshup
Blog: http://pawkeshup.blogspot.com
Olorinus the Ludicrous wrote:
The idea of old school is way more interesting than the reality
#22 Nov 05 2013 at 3:37 PM Rating: Good
***
2,232 posts
Pawkeshup the Meaningless wrote:
Why not lock your account after three logins and require you to click a link in an email? It's a forum, forum sources you download have this feature.


Thank you for your input. We are looking into the matter. At this time, however, this is {Working as Intended!}



aka... because SE

Edited, Nov 5th 2013 1:38pm by LebargeX
____________________________
Character: Urzol Thrush
Server: Ultros
FC: The Kraken Club

Outshined

Teneleven wrote:
We secretly replaced your tank wemelchor with Foldgers Crystal's. Let's see what happens.

#23 Nov 05 2013 at 3:43 PM Rating: Good
*****
12,824 posts
LebargeX wrote:
Pawkeshup the Meaningless wrote:
Why not lock your account after three logins and require you to click a link in an email? It's a forum, forum sources you download have this feature.


Thank you for your input. We are looking into the matter. At this time, however, this is {Working as Intended!}



aka... because SE
Wrong SE line.

Thank you for your input. However, we currently cannot implement this due to the limitations of the PS3.
____________________________
Twitter: http://www.twitter.com/pawkeshup
YouTube: http://www.youtube.com/pawkeshup
Twitch: http://www.twitch.tv/pawkeshup
Blog: http://pawkeshup.blogspot.com
Olorinus the Ludicrous wrote:
The idea of old school is way more interesting than the reality
#24 Nov 05 2013 at 3:58 PM Rating: Good
Sage
**
623 posts
Zorvan wrote:
Niklz wrote:
Furiousnixon wrote:
Niklz wrote:
I actually welcome this. It is a minor inconvenience but my g/f has had to change her password three times now due to "suspicious activity". Before long she might get banned. Also talked her into buying a security token but whatever security measures will prevent her account from being suspended or canceled I approve.


You may or may not but do you guys log in from multiple physical locations? If you do that can cause the suspicious activity password change. If not then I'd be concerned lol.


No, she doesn't. She has one PC at home that has XIV installed. She goes a week or two without logging in sometimes, that's it. Still it's from one single location. That's why I'm concerned.


If she has a dynamic IP from her ISP ( as most do ), then it's possible FFXIV is seeing her as logging from a "new" location depending on what new IP the ISP has assigned her that day ( or even that logon of that day ). If you're familiar in using router software, set her router to use a specific IP or range of IP's for that PC. That way, regardless of the IP sent from the ISP to the router, the IP from router to PC will always be the same. Should clear up the issue.


I'll give that a shot and see what happens. thanks.
#25 Nov 05 2013 at 3:58 PM Rating: Excellent
***
2,232 posts
Pawkeshup the Meaningless wrote:
LebargeX wrote:
Pawkeshup the Meaningless wrote:
Why not lock your account after three logins and require you to click a link in an email? It's a forum, forum sources you download have this feature.


Thank you for your input. We are looking into the matter. At this time, however, this is {Working as Intended!}



aka... because SE
Wrong SE line.

Thank you for your input. However, we currently cannot implement this due to the limitations of the PS3.

Heeeeeyyyyy now....... *hugs PS3 protectively*

lol
____________________________
Character: Urzol Thrush
Server: Ultros
FC: The Kraken Club

Outshined

Teneleven wrote:
We secretly replaced your tank wemelchor with Foldgers Crystal's. Let's see what happens.

#26 Nov 05 2013 at 3:59 PM Rating: Excellent
***
3,450 posts
Pawkeshup the Meaningless wrote:
LebargeX wrote:
Pawkeshup the Meaningless wrote:
Why not lock your account after three logins and require you to click a link in an email? It's a forum, forum sources you download have this feature.


Thank you for your input. We are looking into the matter. At this time, however, this is {Working as Intended!}



aka... because SE
Wrong SE line.

Thank you for your input. However, we currently cannot implement this due to the limitations of the PS3.


We apologize for any inconvenience.
____________________________
svlyons wrote:
If random outcomes aren't acceptable to you, then don't play with random people.
#27 Nov 05 2013 at 4:01 PM Rating: Good
*****
12,824 posts
LebargeX wrote:
Heeeeeyyyyy now....... *hugs PS3 protectively*

lol
OMG IT WILL BE PEOPLE LIKE YOU WHO HOLD THIS GAME BACK!!! UGH!!!!!!!!!! GODDAMNIT JUST BUY A PC ALREADY NUB!!!!

hides his PS3

Archmage Callinon wrote:
We apologize for any inconvenience.
Yea, knew I forgot something.
____________________________
Twitter: http://www.twitter.com/pawkeshup
YouTube: http://www.youtube.com/pawkeshup
Twitch: http://www.twitch.tv/pawkeshup
Blog: http://pawkeshup.blogspot.com
Olorinus the Ludicrous wrote:
The idea of old school is way more interesting than the reality
#28 Nov 05 2013 at 5:17 PM Rating: Excellent
Sage
*
139 posts
Pawkeshup the Meaningless wrote:
Why not lock your account after three logins and require you to click a link in an email? It's a forum, forum sources you download have this feature.


http://en.wikipedia.org/wiki/Phishing

Seems like this would present an even larger problem to the undiscerning gamer. I just assume waste an extra 10 seconds typing in another code. Ideal, No, but I can live with it.
#29 Nov 07 2013 at 12:10 PM Rating: Decent
Can you imagine having to type in (failed) captcha code after code on a PS3 soft keyboard?
____________________________
I might be an onion thief, but I'm still a thief.™





#30 Nov 07 2013 at 9:31 PM Rating: Default
Scholar
Avatar
*****
12,709 posts
RajiFarlander wrote:
KojiroSoma wrote:
I cant believe they're making the login process even more anoying than it already was. Regardless of how much they feel it will "help" us.


I can, because it definitely fits in with SE's design philosophy: "Never make anything simple when you can make it long, convoluted, and annoying."


Now if only people would stop getting themselves hacked we won't have to deal with it. :)
____________________________

#31 Nov 08 2013 at 12:46 AM Rating: Good
Scholar
Avatar
**
611 posts
The best resolution to our problems
____________________________
FFXI Ronyn RDM 75 (R.I.P.) -Fairy / BarretJax 95 MNK (Non-Active) - Asura
Ronin Olorin / Ronyn Oloryn (Active) - Ultros Server

"Go placidly amid the noise and haste, and remember what peace there may be in silence." - Max Ehrmann
Reply To Thread

Colors Smileys Quote OriginalQuote Checked Help

 

Recent Visitors: 76 All times are in CST
Callinon, Seriha, Thayos, Anonymous Guests (73)