"Forgot Password" Captcha Unnecessarily Hard

[microcrit]

Select Topic Area

Bug

Body

After 5 or so tries of a dice sum captcha that asks me to select the dice that count up to 14, I fail because I can't do sums quickly under pressure. It's now impossible to reset the password for my forgotten account that I use for school/personal use. The original number of 5 questions extends to 10, even though my answers are all correct, just because I take too much time. I believe, as well as other people, that either the implemented captcha system should not be terrible (1) - Users can be identified as "risky" (2) - Many people can't solve it , or it should be migrated away from completely (1) - People can't solve it (again) (2) - Can easily be bypassed (3) - Bypassed after an update

[datta900]

THANKS, I was going to create the same discussion!
No needed to be this kind of hard, i still can't reset my password because "i took too long".. 2FA is no needed with this kind of strength.

[RitchieP]

This is just ridiculous.

[RitchieP]

I eventually gave up on the dice calculating captcha and used the sound captcha (determine fake cat sounds, two drum beats) instead. Found that easier to pass than the dice calculation. Left it here if someone ever finds it helpful.

I also encountered this captcha when trying to create an organization, which was just frustrating and cringe at the same time because my supervisor was watching me trying to create an organization for them.

[xaxay]

Too complicated captcha. Do not allow to resset password. It is better to allow to use google authentication!

[peter-volkov]

So true. As an infrastructure guy who manages collaboration tools for the engineering team I skip GitHub as an option just to avoid managing external accounts (since we use Google Workspace).
Main competitors, Bitbucket and GitLab, allow to auth using Google Accounts even for free tier plans. While GitHub has some kind of SSO only in the top-tier enterprise plan.

[RitchieP]

That's interesting to hear since GitHub is presumed to be the most dominant collaboration tool in the developers field

[Citillara]

I think this is bad design on purpose if your IP reputation falls below a certain range. Roll your IP if you can or see if you can use another connexion

[carlfell]

It took 3 experienced programmers to solve the maddening dice-calculating captcha today, only for it to then fail to verify twice. If you are going to use captcha's that are this insanely obtuse, at least make them authenticate correctly. Quite honestly the most infuriating thing I have had to deal with in years. If I didn't have to use this from a professional point of view I would never use this service ever again in my life.

[area-8051]

I'm fortunate enough to use it for personal projects, so I'll move my repositories elsewhere before Sep. 28th. It's just insane.

[RitchieP]

I eventually gave up on the dice calculating captcha and used the sound captcha (determine fake cat sounds, two drum beats) instead. Found that easier to pass than the dice calculation

[amias-channer]

the complexity of the question rarely adds much in security terms, if the service decides the poster is an extra risk then it should make them do another captcha afterwards. Duplicating capchas will hurt attackers more than users.

[bm-nhs]

I was able to solve this on the first try.

[Faultless]

I hope you're still a kid cause this is straight up embarrassing otherwise.

[bzczb]

me too

[Bemental77]

@Faultless I found the child predator guys. Hide your kids

[Faultless]

@Bemental77 nice projection, weirdo.

[amogusussy]

Congrats 🎉

[schaier-io]

Maybe a bit over the top, but as a tip, don't solve it completely.

If you see something like 5+5+5 you know it is bigger than 14, therefore no need to calculate the correct answer. After eliminating the obvious false ones only 2 possible options are remaining and one of them is very low(2+2+1+3)

Hope it helped somebody

[carlfell]

I cant believe it's already descended into people suggesting strats like it some kind of boss fight.

[seanjensengrey]

Training for LeetCaptcha

[username1001]

How much time do they give you? 👀

[Kugelschieber]

3 Seconds, including loading the page.

[username1001]

@Kugelschieber yikes!

[Memexurer]

https://chrome.google.com/webstore/detail/nopecha-captcha-solver/dknlfmjaanfblgfdfebhijalfmhmjjjo
no need to thank me

[Netruk44]

Does nobody at GitHub or Microsoft care about accessibility? If you just suck at math, well too bad you don't get to use GitHub? Try being better at math?

Completely ridiculous.

[area-8051]

Not only maths, but many people have a poor sight and captchas are nightmares for them.

[than3-bits]

Colorblindness is also a big thing (8% of global population). I'm glad I already migrated most of my stuff to an HAG gitea instance I run myself.

edit: HAG = high availability group, similar but more generic to data availability groups.

[CeruleanSky]

I've ran into this captcha before on another site and answered over 500 of these sums and still was unable to access my account. I believe it was prejudiced against my browser or IP. Not only does it fail to identify legitimate humans who are capable of answering its query, this is a terrible captcha for many other people, as those other people have problems with arithmetic such as reading or otherwise acquiring the numbers and then operating on them in their head accurately at high speeds.

There is a very different process when trying to logically decompose a problem and assess an answer from a theoretical or knowledge based framework, such as used in programming or higher math, and from trying to keep a number from switching places or being double counted under time pressure.

[notevenaperson]

[v-n-n-v]

Lmao, get a load of this guy! He can't even think without crystallizing it into a concrete verbal or visual form! Do you even surf waves of raw intuition and unmanifested concept bro? Haha mad cuz bad, git gud scrub

[millathossain115]

This is something I was looking for

[shrimpwtf]

I’m glad someone brought this up. These are from FunCaptcha aka Arkose and are a truly awful service. It’s really easy for bots to mitigate yet can be incredibly hard for humans to solve. Sites need to ditch it.

[Gronghon]

Sorry, I couldn't resist.

[queenofcorgis]

Hi there 👋🏼 Thanks everyone who gave feedback on this thread and others ❤️ This has been fixed, however, please continue to share feedback like this if you encounter anything similar!

[webtrax-oz]

I just tried to verify my account and got the 2 square layout, large box on the right and small on the left. it instructs to match the hand angle to the vehicle on the right. I do not see a hand in the left hand panel. It has appeared once or twice during the process, the rest of the time it is dead black. I managed to fluke the correct answer and get in. But I don't want to have to do this every time.

[alexlogiclab]

The captcha is too complicated. I've done it three times now (each time with eight images) and even if you get one wrong you start again. I am locked out of my normal work account because I need to reset my password and can't because of this stupid captcha you're using. Please me it more human friendly!

[CardealRusso]

cringe

[naikamolg2003]

Hi,

I personally felt I will not be pass through the CAPTCHA when I tried this several times while resetting the password. After several attempts of CAPTCHA exercises I failed passing through it and I recollected the forgotten password and could log into it back.

Do consider two things.

1. Voice captcha are not at all recognisable by non - english native person
2. Shadow captchas are beyond imagination for the ordinary IQ person ( I believe only AI can solve such puzzles)

Requesting you to keep it simple.

Amol

[jmhg92]

I just had a puzzle that wanted me to find the image on the right with the correct amount of items as shown on the left, do this for like 5 consecutive times. The images were either black and white or grayscale, they had crudely drawn figures on them and were VERY confusing. I failed my 4 attempts at this puzzle, having to use the audio captcha to identify the track that had drums 6 or 7 times.
Don't know why I was logged out though and asked for password, which I didn't remember because I always used my Google account as my access.

[alexlogiclab]

Exact same thing here. I thought I was smart but couldn't do this after three attempts; the images are so weird and distorted, it's beyond a joke if they think this is usable!

[than3-bits]

@jmhg92 I've largely moved away from github for this reason. Also these days its a coin toss on whether captcha's are actually a puzzle or a specially encoded image where you submit info in the form of such.

https://varun.ch/history published a proof of concept where browser history through a css property leak can be submitted in the form of a captcha; albeit OT worth a read for anyone interested.

[idontcare999a]

I just had a puzzle that wanted me to find the image on the right with the correct amount of items as shown on the left, do this for like 5 consecutive times. The images were either black and white or grayscale, they had crudely drawn figures on them and were VERY confusing. I failed my 4 attempts at this puzzle, having to use the audio captcha to identify the track that had drums 6 or 7 times. Don't know why I was logged out though and asked for password, which I didn't remember because I always used my Google account as my access.

I was having the same issue. I tried from another machine and it gave me a slightly easier one to solve.

[Faultless]

They should add a mewing tongue position captcha at this point, if the idea is to make it impossible for anyone that is not a zoomer to solve it.

[ducanhxd]

This is such a pain, i am in a hurry and i can't even get the password reset because of this captcha. I think 3 or 4 pictures are more than enough, why 8? And if i fail or misclick, i have to do it over again, and if i failed the 2nd time, it wouldn't let me solve it anymore because Github wouldn't allow to. It is just a bad design.

[MartinCerny-awin]

I got some new cool captcha, that I am also not able to solve. Like doing 20 images. Are you guys serious?

And what is the solution for this one?

[Elliandr]

The current capcha isn't just difficult. It's impossible to complete. I had to create a new account because I lost my old password and that password is associated with an email account that can no longer receive new emails so I understand that some form of security would be needed, but both options were horrible.

The first option was to orient an object according to a picture. OK, seems easy enough. However, after completing 2 out of 3 it would say that the third is wrong and have me start over. EVERY. TIME. And the worst part is I am 100% sure that I was NOT wrong! The object can only orient in a fixed number of ways so if, for example, the finger is pointing down and to the left the object should face that way as well. Clearly some of the puzzles were setup wrong so I clicked for the audio puzzle instead.

The second option asked me to pick out the sound of bees. They were not terribly difficult, but I am hard of hearing so on the third puzzle the second option sounded like bees to me. I only got it correct by dumb luck since number 3 ALSO sounded like bees to me and I just happened to guess correctly. As a side note here please PLEASE remove the audio bits of people peeing into toilets. It's gross.

Given how advanced AI is today you really can't keep bots out anymore. They are so smart, in fact, that you have no way of knowing that I am not an AI writing this right now. At some point you are just going to have to give up the fight. Stop making them needlessly complex or only an AI will be able to have an account since only an AI could solve them.

At the very least please don't make us start completely over if we miss one. It would be much less maddening to deal with if I only had to try again on the one I missed.

[github-actions[bot]]

💬 Your Product Feedback Has Been Submitted 🎉

Thank you for taking the time to share your insights with us! Your feedback is invaluable as we build a better GitHub experience for all our users.

Here's what you can expect moving forward ⏩

• Your input will be carefully reviewed and cataloged by members of our product teams. 
  • Due to the high volume of submissions, we may not always be able to provide individual responses.
  • Rest assured, your feedback will help chart our course for product improvements.
• Other users may engage with your post, sharing their own perspectives or experiences. 
• GitHub staff may reach out for further clarification or insight. 
  • We may 'Answer' your discussion if there is a current solution, workaround, or roadmap/changelog post related to the feedback.

Where to look to see what's shipping 👀

• Read the Changelog for real-time updates on the latest GitHub features, enhancements, and calls for feedback.
• Explore our Product Roadmap, which details upcoming major releases and initiatives.

What you can do in the meantime 💻

• Upvote and comment on other user feedback Discussions that resonate with you.
• Add more information at any point! Useful details include: use cases, relevant labels, desired outcomes, and any accompanying screenshots.

As a member of the GitHub community, your participation is essential. While we can't promise that every suggestion will be implemented, we want to emphasize that your feedback is instrumental in guiding our decisions and priorities.

Thank you once again for your contribution to making GitHub even better! We're grateful for your ongoing support and collaboration in shaping the future of our platform. ⭐