no need for captchas, just implement throttling per ip. like bcrypt dues for pas... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		hknmtt on Dec 17, 2023 \| parent \| context \| favorite \| on: An Empirical Study and Evaluation of Modern CAPTCH... no need for captchas, just implement throttling per ip. like bcrypt dues for passwords. if a bot fills up a form(or whatever), so be it, but it won't be able to do it for another N seconds or minutes..so the problem then is lowered from per try, which can be thousands of submissions, all the way down to per period and per ip.

Roark66 on Dec 17, 2023 [–]

Hell no... Some of us sit behind CGNAT, half a million of us on a single public IP.

vanviegen on Dec 17, 2023 | [–]

Exactly. Besides that, a bad actor may well have easy access to tens of thousands of ip address from all over the globe..

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact