Just now I mistakenly entered bad username/password when trying to sign-in to a Google Account and naturally I was presented with a CAPTCHA. I did not enter any text for the CAPCHA field, but lo and behold, I was able to sign-in without solving the CAPTCHA.
Does anybody else notice this? I have tested it a few times and it always seems to work, whether the service is GMail or something else, like Google Reader. |
Yeah, it's always been like that... |
Why don't they fix it? Surely it's a massive security risk? |
i'm not sure but i think it only happens what you mistype the username. if you fix the username there's no need for the captcha anymore. do you know if the same thing happens if you only mess up on the password? |
A more important question is: Why doesn't Phillip employ captcha use here, in his blog? Friggin frustrating not being able to comment an "old" item (2 weeks is OLD?!?) just because the un-captcha'ed blog pages are bot-spammable and need to be "locked"?
http://blogoscoped.com/archive/2007-07-05-n38.html
I implore you to visit http://recaptcha.net/ and to consider using it to protect pages, instead of "time locking" the entries. |
I remember if you have typed most part of your password correct say 9 out of 10 characters, then Google will still not prompt you to enter the CAPTCHA. |