Why is a difficult capcha needed to login? Is there a better one?

[Mad7Scientist]

This Google Capcha is popping up everywhere, not just this site but other sites are using it as well. It's the Javascript heavy one where you have to click on parts of an image to identify it and I have to enable Javascript from Google. This isn't for creating an account, it's for logging in! Can't a classic system of one attempt per 10 seconds per IP address work? If people aren't allowed to create weak passwords then it shouldn't be a problem.

Can Google not be involved in everything?

[1715448397]

1715448397

[vc888888]

I do rly hate captcha like on this site
It is aaaaaaaaaaalways works wrong even I choose a right pictures!!

[mprep]

Relevant (from https://bitcointalk.org/index.php?topic=2086082.0):

Any in-house captcha implementation would be inferior (and probably easily crackable) compared to a system dev'd by the multi-billion data and IT tycoon that is Google. While I don't particularly like the captcha tech, it's effective and AFAIK nobody in the dark circles of the Internet managed to figure out a way to break it (edit: as in near 90-100% success ratio on a large scale brute force attempt).

Until the new forum software rolls over (at least; hope they have a better solution), you're going to have to deal with ReCaptcha while logging in.

[sumangs]

This is the best solution for spam as of now. I hope there is a better way to prevent this issues and develop another anti-spam captcha.

[6Asmodeus6]

Most of the captcha solving services doesn't support ReCaptcha so that makes it easy for websites that wants to stop spams and login bruteforces.It's annoying but it's working.

[Mad7Scientist]

So what happened? Did many users use accounts with similar names on other services that turned out to be frauds or got hacked and then the passwords from there were used to login here? At least make the capcha go away after the first successful login.

[mprep]

So what happened? Did many users use accounts with similar names on other services that turned out to be frauds or got hacked and then the passwords from there were used to login here? At least make the capcha go away after the first successful login.

From https://bitcointalk.org/index.php?topic=2086082.0:

Recently someone has taken to using 5000+ IPs to bypass rate-limits and try many passwords.

[minifrij]

So what happened? Did many users use accounts with similar names on other services that turned out to be frauds or got hacked and then the passwords from there were used to login here?

To add on to what mprep said above, the forum's database was compromised in 2015. This is where the passwords being tried are likely coming from.