FusionAuth / fusionauth-issues

FusionAuth issue submission project
https://fusionauth.io

Adding reCAPTCHA support for login #278

Closed Zayceur closed 3 years ago

Zayceur commented 5 years ago

Adding reCAPTCHA support

Problem

Nowadays it's common that authentication APIs are brute-forced to gain access to sensitive content.

Solution

Adding (re)captcha for the login page using the email/password combination will prevent a lot of brute-forcing and so increase security.

Alternatives/workarounds

Use a theme and add reCAPTCHA.

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.

robotdan commented 4 years ago

Can this be handled through a theme or a tutorial from FusionAuth? You have full access to the theme templates.

Zayceur commented 4 years ago

Hello and thanks for your reply!

I think the better way should be a complete backend + frontend implementation. If we only do a frontend implementation (via template) it could be easily bypassed by a malicious user.

reCAPTCHA adds a new value into the form that you need to check in the backend to verify the user has completed the reCAPTCHA and did not enter a random value. Here you can see how to check the token reCAPTCHA provides: https://developers.google.com/recaptcha/docs/verify

I hope this explanation is clearer than the initial comment.
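
The backend check described in the comment above, as an added example that is not part of the original thread and not FusionAuth code. It posts the form's `g-recaptcha-response` value to the verify endpoint and fails closed; `login`, `check_password` and `fake_verifier` are hypothetical names, and the token, secret and hostname values are constructed.

```python
import json
import urllib.parse
import urllib.request

VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"


def http_post(url, fields):
    """POST form fields and return the decoded JSON body."""
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(url, data=data, timeout=5) as resp:
        return json.load(resp)


def captcha_passed(token, secret, expected_hostname, post=http_post):
    """Return True only if the verification service vouches for this token."""
    if not token:  # field stripped from the form by a non-browser client
        return False
    try:
        result = post(VERIFY_URL, {"secret": secret, "response": token})
    except (OSError, ValueError):  # network or JSON failure: fail closed
        return False
    if not isinstance(result, dict):
        return False
    # "success" must be literally True, and the token must have been solved
    # on our own site rather than collected on a different one.
    return result.get("success") is True and result.get("hostname") == expected_hostname


def login(form, secret, hostname, check_password, post=http_post):
    """Hypothetical login handler: the CAPTCHA gate runs before the password check."""
    token = form.get("g-recaptcha-response")
    if not captcha_passed(token, secret, hostname, post):
        return "captcha_failed"
    if not check_password(form.get("email"), form.get("password")):
        return "bad_credentials"
    return "ok"


def fake_verifier(url, fields):
    """Constructed stand-in for the verification service, for offline runs."""
    ok = fields["response"] == "solved-token" and fields["secret"] == "test-secret"
    return {"success": ok, "hostname": "login.example.com"}
```

Because the password check is only reached after `captcha_passed` returns True, a client that skips the themed page and posts credentials directly gets no password-guessing attempt.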

robotdan commented 4 years ago

Thanks for the additional detail @Zayceur!

matthewhartstonge commented 3 years ago

Would also like to suggest adding support for hCaptcha, which is a more privacy-focused drop-in replacement for reCAPTCHA and avoids feeding 'el Goog with more user data. 😄

Also, refer: https://blog.cloudflare.com/moving-from-recaptcha-to-hcaptcha/