Hacker News new | past | comments | ask | show | jobs | submit login

Not sure you need to make sure the user is human on a log-in form. Just limit the number of attempts per day per account, perhaps with email verification to pass it.



At even small to moderate scales you will end up with legitimate users being locked out of their accounts en masse with this approach.


Well, most log-in forms do not have any captcha, so I wonder how they do it.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: