
> I think a nice middle ground is to insert standard pauses of moderately increasing size after repeated sequential failures or repeated sequential forgot password requests from the same IP address. So that's what we do.

I like this. Captchas annoy the end-user and have been completely broken by foreign manual typers with an API (e.g. http://humancoder.com/). It seems to me pauses would solve the issue, at least at an IP level, without any inconvenience to the end-user.
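A sketch of the per-IP pause scheme described in the quoted text, added here as an illustration and not part of the comment or of the quoted poster's system. The class name, the schedule (three free failures, then 1 s doubling up to a 60 s cap) and the 15-minute forget window are assumptions.

```python
import time


class LoginThrottle:
    """Per-IP pause that grows with consecutive failures (assumed schedule)."""

    def __init__(self, free_attempts=3, base_delay=1.0, factor=2.0,
                 max_delay=60.0, forget_after=900.0, clock=time.monotonic):
        self.free_attempts = free_attempts  # failures allowed with no pause
        self.base_delay = base_delay        # first pause, in seconds
        self.factor = factor                # growth per further failure
        self.max_delay = max_delay          # cap so the pause stays moderate
        self.forget_after = forget_after    # idle seconds before the count resets
        self.clock = clock                  # injectable so tests need no sleeping
        self._state = {}                    # ip -> (consecutive failures, last failure time)

    def _failures(self, ip):
        count, last = self._state.get(ip, (0, 0.0))
        if count and self.clock() - last > self.forget_after:
            self._state.pop(ip, None)       # stale entry: start over
            return 0
        return count

    def delay_for(self, ip):
        """Pause required between this IP's last failure and its next attempt."""
        over = self._failures(ip) - self.free_attempts
        if over < 0:
            return 0.0
        return min(self.base_delay * self.factor ** over, self.max_delay)

    def retry_after(self, ip):
        """Seconds still to wait; 0.0 means the attempt may proceed now."""
        if self._failures(ip) == 0:
            return 0.0
        last = self._state[ip][1]
        return max(0.0, last + self.delay_for(ip) - self.clock())

    def record_failure(self, ip):
        self._state[ip] = (self._failures(ip) + 1, self.clock())

    def record_success(self, ip):
        self._state.pop(ip, None)           # "sequential" failures end on success


if __name__ == "__main__":
    throttle = LoginThrottle()
    ip = "203.0.113.7"                      # constructed address (documentation range)
    for n in range(1, 8):
        throttle.record_failure(ip)
        print(n, "failures -> pause", throttle.delay_for(ip), "s")
```

A second instance of the same class can count forgot-password requests separately from login failures.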


