Discuss introducing a challenge before login attempt limit is exceeded #3646
Comments
|
We can try using http://visualcaptcha.net/, it can be self-hosted and let us customize the options if needed |
|
|
|
Final draft. Select object should have 1px dotted outline, #0095dd, no fill. |
|
Outstanding questions, perhaps of interest to @ckarlof:
|
|
@vladikoff Is there a way we can separate the captcha from the login? Like show it in a modal or on its own step? |
|
From mtg: messaging might need to be adjusted if ip is blocked and it's user's first time |
Right, so there's two reasons a user might encounter this error:
We should have the server return a different errno in these two different cases, so that we can give more accurate messaging to the user. I've noticed a few folks on twitter lately complaining that "FxA tells me attempt limit exceeded on my first try, wtf??". |
|
@ryanfeeley - can you open a feature card for this so we can prioritize appropriately? |
|
Need to add result of discussion... and move to feature doc or something.. |
|
moved to mozilla/fxa#153 |
Currently, when the number of login attempts exceeds our threshold, we simply put a "Attempt limit exceeded" error message above the login form.
Before blocking login attempts, we should introduce a challenge to verify that the user is indeed a human.
What are the best ways to accomplish this that deliver a great UX on mobile and desktop, and align with our engineering goals?
The text was updated successfully, but these errors were encountered: