Bitcoin Forum

Other => Meta => Topic started by: PawGo on June 28, 2022, 07:26:54 AM



Title: Private Access Tokens instead of Captcha
Post by: PawGo on June 28, 2022, 07:26:54 AM
Hello

As the site is using Cloudflare, are you aware of the new feature implemented by Apple (and soon by Google) to "skip" some captchas with an "authentication token" from the device?
Some technical details are available here:
https://developer.apple.com/videos/play/wwdc2022/10077/
and here https://www.fastly.com/blog/private-access-tokens-stepping-into-the-privacy-respecting-captcha-less

It is not a big problem on the forum (captcha is for login only, as far as I know), but still an interesting feature.


Title: Re: Private Access Tokens instead of Captcha
Post by: Charles-Tim on June 28, 2022, 07:35:44 AM
Quote
It is not a big problem on the forum (captcha is for login only, as far as I know), but still an interesting feature.

Even I see captcha to be only necessary for registration on this forum. To log in, you can bypass it if you use this link (https://bitcointalk.org/captcha_code.php) to access the login page.

https://bitcointalk.org/captcha_code.php


Title: Re: Private Access Tokens instead of Captcha
Post by: DdmrDdmr on June 28, 2022, 08:23:31 AM
<…>
Actually, the general method to obtain your personal captcha bypass code is through the results shown on this link:
https://bitcointalk.org/captcha_code.php

I think you’ve shared your own personal code in your post. If so, it would be best to reset it:
Quote
If someone else gains access to your unique captcha-bypass link, then they could try to brute-force your password. In that case, you should reset it
(from the above link’s page content)


Title: Re: Private Access Tokens instead of Captcha
Post by: jackg on June 28, 2022, 02:34:39 PM
Yup, the token to bypass captcha has been here for a while. I think it was just implemented by recaptcha (because it was part of Google/worked on by Google), and you used to have to DM admins for a link to run bots on the site, but now it's automated.


Title: Re: Private Access Tokens instead of Captcha
Post by: SquirrelJulietGarden on June 28, 2022, 04:18:24 PM
With the forum captcha code, you can change it after a few months, the same as how you are required to change the password of your account on some platforms. The forum does not force you to change it and get a new captcha code. It is a personal choice, but it is not harmful to change yours after a few months.

Without the captcha code, you can log in to your account but will need more time to enter the captcha. Sometimes you succeed, sometimes you fail. It is annoying too, but if you use the captcha code, make sure you keep it safe, like how you keep your exchange account password and 2-factor authentication activation code safe.


Title: Re: Private Access Tokens instead of Captcha
Post by: PrimeNumber7 on June 28, 2022, 07:21:10 PM


<…>
Actually, the general method to obtain your personal captcha bypass code is through the results shown on this link:
https://bitcointalk.org/captcha_code.php

I think you’ve shared your own personal code in your post. If so, it would be best to reset it:
Quote
If someone else gains access to your unique captcha-bypass link, then they could try to brute-force your password. In that case, you should reset it
(from the above link’s page content)

The link that Charles posted was - https://bitcointalk.org/index.php?action=login;ccode=6f11af59a2b420824fcc

@Charles-Tim - you edited your post, but several people archive forum posts when they are created. If you have not already done so, you need to reset your captcha link; editing your post will not hide your link.


As others have stated, it is already trivial to bypass the captcha requirement after you have logged in a single time. From what I can tell, the subject technology is only available to users with certain devices, so some people would not be able to use this technology if it were implemented on the forum.
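
A pre-posting check for the kind of leak discussed in this thread, as an added example that is not part of any post or of the forum's software: it masks the value of a `ccode` parameter in every URL of a draft before it is published. The parameter name and the `;` separator come from the link quoted above; the function names, the placeholder and the sample token are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+")
SECRET_PARAMS = {"ccode"}   # parameter name as seen in the link quoted in the thread
PLACEHOLDER = "REDACTED"    # constructed placeholder


def _redact_url(url):
    """Return (url_with_secret_values_masked, True if anything was masked)."""
    parts = urlsplit(url)
    hit = False
    pieces = []
    # The forum separates query parameters with ';'; '&' is accepted as well.
    # The capturing group keeps the separators so the URL is otherwise unchanged.
    for piece in re.split(r"([;&])", parts.query):
        name, eq, value = piece.partition("=")
        if eq and value and name.lower() in SECRET_PARAMS:
            piece = f"{name}={PLACEHOLDER}"
            hit = True
        pieces.append(piece)
    if not hit:
        return url, False
    return parts._replace(query="".join(pieces)).geturl(), True


def redact_post(text):
    """Mask captcha-bypass codes in a draft; return (clean_text, line_numbers_with_hits)."""
    hit_lines = []

    def repl(match):
        raw = match.group(0)
        core = raw.rstrip(".,;:!?")          # sentence punctuation is not part of the URL
        clean, hit = _redact_url(core)
        if hit:
            hit_lines.append(text.count("\n", 0, match.start()) + 1)
        return clean + raw[len(core):]

    return URL_RE.sub(repl, text), hit_lines


if __name__ == "__main__":
    # Constructed draft; the token below is made up.
    draft = ("To log in, use https://bitcointalk.org/index.php?action=login;"
             "ccode=0123456789abcdef0123.\n"
             "Get your own at https://bitcointalk.org/captcha_code.php\n")
    clean, lines = redact_post(draft)
    print(clean, "leaks on lines:", lines)
```

Masking a draft only prevents new leaks; a link that has already been posted still has to be reset, as the posts above say.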