This is another example of how to avoid hackers getting in. Add some
real expense and traceable communications to the authentication process.
A hacker doesn't care if they have to try 10000 times to crack one
captcha since they are doing it through some botnet. The bandwidth and
compute power are essentially free and they can hide behind a shield of
relative anonymity. If they have to make a phone call, that raises the
bar. For one, that call is traceable, so if something funny happens it
comes back to a phone number under somebody's name. It also has a real
cost as the phone line or cell phone account costs real money and they
can't automate it so some real human will have to make the call. The
10000 tries now isn't such a great deal.
CB
Dan Eickmeier wrote:
And that is good for those who are on cell phone providers that
support that verification. Mine didn't, and I had to email their
support to get it fixed.
On 19-Jun-08, at 12:21 AM, Chelsea wrote:
Well, that is good for those who have talking cell phones. :(
On Jun 18, 2008, at 9:17 PM, John Moore wrote:
They should do it like Facebook, where they take the Captcha away
when you verify your cell phone number with a code they send you via
text message. When you type the code in right, Captcha becomes
nonexistent.