Hi there, so today I had to spend about 5 minutes on a CAPTCHA even though I have 2FA on, which is counterintuitive.
CAPTCHA meaning: Completely Automated Public Turing test to tell Computers and Humans Apart
So by definition, CAPTCHA is to tell if a Computer or a Human is interacting with it.
Why it is counterintuitive to present CAPTCHA to users with 2FA is because I don’t think anyone with a Bot farm would set up 2FA for their bot accounts…(although I could be wrong)
So, to improve UX when logging in for users with 2FA, please disable the CAPTCHA system; it’s not very helpful and is hurting legit users.
If Roblox would implement this it would increase QOL and UX immensely for users with 2FA enabled.
After discussing below, I realize that disabling CAPTCHA for users with Email and 2FA on isn’t a good option; however, I’d still like to see CAPTCHA disabled for users with Phone verification.
So I would like to dedicate this thread to that new idea.
Captcha should be disabled for users with Phone verification
Captcha isn’t a feature to keep your account secure, so this request makes no sense.
2FA keeps people from getting into your account because they need access to your email also to get the 2FA code. Captcha is meant to protect Roblox services from automated access. If 2FA circumvented captchas, bots would spend 2 extra REST calls to turn on 2FA and then be completely free to do whatever they want on the platform.
Maybe that would work, but Roblox would never implement that because only a small % of users supply their phone number on their account, so implementing the feature is not worth the time sunk.
That’s unfortunate, then our only hope is for Roblox to use a different and better CAPTCHA service.
When I said 2FA enabled, I meant they would also have to fill in the code to log in; just enabling it would not disable CAPTCHA. Does this change the situation, or is it easy for bot farms to pull login codes from their email?
Plainly speaking, if a human can easily set up an account and add 2FA then a bot can 100% do it with ease. Seeing as the formatting of these e-mails is trivial:
Anyone who is half decent at programming can program a bot to scan emails - especially the e-mail source, which in this case all you have to do is send the associated ticket to: https://www.roblox.com/account/settings/verify-email. I’m very confident a bot is capable of doing this in a matter of seconds if not less, especially when your bot which is farming accounts is automatically able to feed itself all the information - unlike a human it has quick access to a database, it doesn’t take it a moment to remember and type in the password either.
You have to remember at the end of the day CAPTCHA has a lot more benefits than issues, the amount of bots it has likely thwarted - it just slows down the people who are sad enough to run these networks. If it didn’t exist then we’d see tons more service disruptions as well as a lot more people getting scammed by those dumb bots saying “you can get robux at clearly.fake.url.rubl0x.com!! become me and get 10 million robux for free!!!”. Not to mention, if the thing using the bots is hit with a CAPTCHA it can’t move on until it’s completed.
I know how it feels to be in your situation.
I’m at University so I always get CAPTCHA which until recently hasn’t changed - one time it literally broke so I did a 40 minute stream of myself attempting to solve it (admittedly it became CAPTCHOTP - Completely Automated Public Turing test to keep Computers and Humans Off The Platform).
But I’d rather waste 10-15 seconds doing a CAPTCHA than see more bots on the platform. The unfortunate reality is however, bots are getting smarter so they can’t be too simple - but they have to also accommodate for little kids who might be a bit slower.
Bots aren’t getting smarter per se. The third-party services where captchas are solved are getting much more efficient due to increased demand. There’s really no middle ground for these types of things because a computer or automation can’t account for the age of the user or the speed the user may click. The best it can do is “just guess”. Roblox has though been slowly taking steps to make captchas harder to solve by limiting a lot of factors out there. While I do also find it an annoyance (I go to a university as well), I see it as a better alternative than something much more invasive.