Before I go crazy and try to script a way to lock folks out of their accounts on multiple failed attempts, is a captcha ideal? I've seen several sites that do this, but wasn't sure how effective it would be. Granted, if a human is indeed trying to "hack" into someone else's account, I would think blocking access for a few minnutes would be much better than having them input some random obscure characters.
+2
A:
CAPTCHAs are a common solution. They're rarely ideal.
One suggestion: Offer x chances (say 3) at which point you lock the account and then require some sort of email validation to unlock.
Otherwise, I think giving 1 or 2 freebie chances is fine and then switching over to a CAPTCHA'd login is acceptable.
DA
2010-03-10 20:27:25
I like this idea.
luckytaxi
2010-03-10 20:43:50
A:
If you aren't having spambot problems, CAPTCHA's are rarely a good solution. They are just annoying. I agree with DA's email verification idea.
CaptnCraig
2010-03-10 20:30:44