Login with ReCaptcha

[cobra-arbok]

I am looking for a free extension with a module for login that can handle reCaptcha in the login process and not only into register process.
I am also using K2.
Thanks in advance.

[sozzled]

This question has been asked and answered before: please see

• viewtopic.php?f=708&t=910764
• viewtopic.php?f=708&t=943059

as examples. There are many more examples.

[cobra-arbok]

This question has been asked and answered before: please see

• viewtopic.php?f=708&t=910764
• viewtopic.php?f=708&t=943059

In the first thread we talk about whether it makes sense to put the reCaptcha in the login form; in the second we recommend using TFA.

I asked another thing: is there an extension to insert reCaptcha in the login form?

[starazure]

If you don't find any such extensions let me know. That might be a product I can create and I promise it will be a free download.

[cobra-arbok]

If you don't find any such extensions let me know. That might be a product I can create and I promise it will be a free download.

In JED I found only 2 "free" modules, but without reCaptcha in Login.
If you are able, develop your own extension and enter it in JED.

Thank you very much.

[JAVesey]

I am curious as to why you think you need it? It makes logging in more tedious for your site's users and is therefore a disincentive to use your site.

If you have a Captcha on your Registration Form, and account verification at the point of registration, then you can have some confidence that the user-account is bona-fide. Adding a subsequent Captcha doesn't achieve anything worthwhile in my view.

Not saying that you don't need/want it, just curious as to why? I'm happy to be educated

[starazure]

I am curious as to why you think you need it? It makes logging in more tedious for your site's users and is therefore a disincentive to use your site.

If you have a Captcha on your Registration Form, and account verification at the point of registration, then you can have some confidence that the user-account is bona-fide. Adding a subsequent Captcha doesn't achieve anything worthwhile in my view.

Not saying that you don't need/want it, just curious as to why? I'm happy to be educated

I agree with John for the first 5 login attempts but after that, it could be a hacker. I have seen that with my gmail account - A few consecutive login attempt failures starts showing captcha.

John made a very good point though. I understand the use could be to prevent hacking but from a product development perspective, now I am not sure if I will get enough downloads after putting in all the time to develop it.

Thanks

[JAVesey]

I agree with John for the first 5 login attempts but after that, it could be a hacker.

But if they haven't got in after 5 attempts then they probably won't. You need "brute force" protection to protect your login from automated scripts, possibly with a redirect and automated i.p. ban rather than a Captcha.

Look at the "Brute Force Stop" extension, or use AdminExile to mask your Admin URL?

[cobra-arbok]

I could be wrong, but I do not think there is a way to make TFA mandatory for users.
So a new user could register, but then not use the TFA.

On my portals, who has the rights of Administrator and Super User are obliged to use the TFA.

Said this, every website has different needs from the others, we can not and should not generalize.

Most websites do not need users to log in.
For users who need to login, I agree with you that the best solution is TFA, but not being sure that the user activates it, then personally I prefer to activate the reCaptcha as the first level of security.
Obviously I'm talking about my websites and my users.

Finally, I remind you that there are different ways to connect and that a password can be cracked.
If the intruder is a person, when he has username and password, then reCaptcha will not be a problem for him.
Instead, if the intrusion is managed by an automatic system, the reCaptcha can serve as a first protection.

[JAVesey]

I could be wrong, but I do not think there is a way to make TFA mandatory for users.

Yes there is, but I cannot think of a better way discouraging users from logging in to the front end. Not only give them an extra hoop to jump through but also make them have to use a specific way of generating the TFA code (smartphone app, browser extension) as well. My own site would have no users if I required TFA on the front-end.

However, happy to accept that it's up to the the individual site.

[cobra-arbok]

I could be wrong, but I do not think there is a way to make TFA mandatory for users.

Yes there is, but I cannot think of a better way discouraging users from logging in to the front end. Not only give them an extra hoop to jump through but also make them have to use a specific way of generating the TFA code (smartphone app, browser extension) as well. My own site would have no users if I required TFA on the front-end.

However, happy to accept that it's up to the the individual site.

OK, I agree with you.
I have previously written that TFA is the right solution for the administrative backend and where we need to protect pricacy, data or money.

Said this, where can I force a user to activate the TFA? I do not see any options.

Returning to my initial question, the answer is "there is no extension, developed by Joomla or others, that allows you to log in with the reCaptcha".
In Wordpress there are dozens of them, in Joomla none. OK.

[Kubik-Rubik]

Returning to my initial question, the answer is "there is no extension, developed by Joomla or others, that allows you to log in with the reCaptcha".
In Wordpress there are dozens of them, in Joomla none. OK.

My plugin EasyCalcCheck Plus does protect the login form of the core users component: https://extensions.joomla.org/extension ... heck-plus/

You can define how many failed login attempts are allowed (e.g. over the login module), if the limit is reached, then the user will be redirected to the form of the component and has to solve the reCaptcha (or other anti spam measures) there before he can sign in. So, you are not forcing normal users to solve a captcha just for the login!

Have success!

Cheers