  #7  
05-10-2023, 09:22 AM
Electronic M
M is for Memory
 
Join Date: Jan 2011
Location: Pewaukee/Delafield Wi
Posts: 14,818
I feel like we answered this question before, but it might have been your 'why do I need a password for anything other than the bank' thread I'm thinking about.

One of the main reasons for the captcha is that bots can take over a human's account by obtaining the password through brute force... Brute force password hacking is basically finding a valid username and trying to repeatedly log in under every possible password (similar to sitting down with one of those 3-disc 0-9 combination locks on a briefcase and trying every 3-digit combo till it opens). Computers (bots) can do it really fast, which is part of the reason why password requirements are getting longer and more complex (more wheels/digits = longer brute force time). The captcha is the best way to thwart the issue without inconveniencing users... Locking the account for a set period of time after too many failed logins is another, but if the bot is vigilant in waiting that out it could make it so the person it belongs to can effectively never log in.
This is part of the reason big corporations often require their employees to change passwords every 2-6 months (most of those computers WILL lock if they sense brute force, so several minutes of wait is required between every 3-10 brute force login entries, which slows the process). Of course, that created security holes like lots of people with no memory setting their password to something like spring23 or summer 23 during those months, and caused companies to look for those patterns in their database and ban use of those passwords...

You should watch the YouTube videos of the presentations at hacker/cyber security conventions such as Defcon. It's fascinating how badly designed some of our systems are and how clever some hackers are. There is a whole industry of hackers for hire called pen testers, where a company hires one of them to try and attack them to look for holes in their security systems so they can identify and patch them.
Information is money and assets must be secured.
__________________
Tom C.

Zenith: The quality stays in EVEN after the name falls off!
What I want. --> http://www.videokarma.org/showpost.p...62&postcount=4
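The trade-off described in the post above, between locking an account after failed logins and asking for a captcha instead, as an added example that is not part of the original post. The `LoginGate` class, the thresholds, the simulated clock and the user name are all assumptions made for illustration; captcha verification is assumed to happen elsewhere, and the simulated bot is assumed never to solve one.

```python
import time

class LoginGate:
    """Hypothetical per-account failure tracking with a 'lockout' or 'captcha' policy."""

    def __init__(self, policy, max_failures=3, lock_seconds=300, clock=time.monotonic):
        self.policy = policy
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.clock = clock
        self.failures = {}      # username -> consecutive failed attempts
        self.locked_until = {}  # username -> time at which the lock expires

    def attempt(self, user, password_ok, captcha_solved=False):
        now = self.clock()
        if self.policy == "lockout" and now < self.locked_until.get(user, 0):
            return "locked"  # refused even with the correct password
        over = self.failures.get(user, 0) >= self.max_failures
        if self.policy == "captcha" and over and not captcha_solved:
            return "captcha_required"  # the password is not checked at all
        if password_ok:
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.policy == "lockout" and self.failures[user] >= self.max_failures:
            self.locked_until[user] = now + self.lock_seconds
            self.failures[user] = 0
        return "denied"


def simulate(policy):
    """Constructed scenario: wrong guesses every 10 s for an hour against one
    account; the owner tries the correct password once, at the 30-minute mark."""
    t = [0.0]
    gate = LoginGate(policy, clock=lambda: t[0])
    guesses_checked = 0  # guesses that actually reached the password check
    owner_result = None
    for second in range(0, 3600, 10):
        t[0] = float(second)
        if gate.attempt("tom", password_ok=False) == "denied":
            guesses_checked += 1
        if second == 1800:
            owner_result = gate.attempt("tom", password_ok=True, captcha_solved=True)
    return owner_result, guesses_checked


if __name__ == "__main__":
    for policy in ("lockout", "captcha"):
        print(policy, simulate(policy))
```

Under the lockout policy the owner is refused while the guessing continues after every lock expiry; under the captcha policy the owner gets in and far fewer guesses ever reach the password check.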