Re: CAPTCHA on GOVMU.ORG User Login

From: S Moonesamy <sm+mu_at_elandsys.com>
Date: Mon, 20 Apr 2015 23:10:13 -0700

Hi Nirvan,
At 13:27 20-04-2015, Tejas Pagooah (Nirvan) wrote:
>I was going through GOVMU.ORG, Government of
>Mauritius’s website for the driver’s license and
>after the registration, I was prompted to login [1] the system.
>
>Actually, I’ve been wondering the purpose of the
>CAPTCHA on the login? What do you think about this?
>
>Does the captcha increases the website’ security? – From my point of view NO.
>
>It's not immoral to have a captcha but it's bad
>usability from my point of view.
>
>Security implications: the users will consider
>logging in to be time consuming and will:
>
>· be less likely to use your system at all
>· never log out of the system and leave open sessions unattended.
>
>Your views?

I suggest against using stackoverflow as research. :-)

The captcha in that govmu.org web form was
probably used because that is what people find
when they do a quick search on how to do web
forms or how to prevent spam. Nowadays, it is
possible to bypass those (captcha) tests; it is
not a good security as small people might
think. Using a captcha introduces a usability
issue as it makes it more difficult for a person to login.

It seems that what you are trying to say above
(see security implications) is that the security
aspects should be assessed as it is not a matter
of adding a security measure without giving any
thought to whether it is appropriate or not.

Why do I have to agree to the privacy policy of
Google to login to the Government Web Portal?

Regards,
S. Moonesamy
Received on Tue Apr 21 2015 - 06:10:37 PST