Disable CAPTCHA for users with Phone verification

Original thread content

Hi there, so today I had to spend about 5 minutes on a CAPTCHA even though I have 2FA on which is counterintuitive.

CAPTCHA meaning: Completely Automated Public Turing test to tell Computers and Humans Apart

So by definition, CAPTCHA is to tell if a Computer or a Human is interacting with it.
Why it is counterintuitive to present CAPTCHA to users with 2FA is because I don’t think anyone with a Bot farm would set up 2FA for their bot accounts…(although I could be wrong)

So to improve UX while trying to login for users with 2FA please disable the CAPTCHA system it’s not very helpful and hurting legit users.

If Roblox would implement this it would increase QOL and UX immensely for users with 2FA enabled.


After discussing below I realize that disabling CAPTCHA for users with Email and 2FA on isn’t a good option, however I’d still like to see CAPTCHA disabled for users with Phone verification.

So I would like to dedicate this thread to that new idea

Captcha should be disabled for users with Phone verification
  • I agree
  • I disagree

0 voters

12 Likes

Adding on to my point

Users with Email and Phone verification should almost NEVER be presented with a CAPTCHA, I’m pretty sure its enough to tell us apart from a bot.

3 Likes

Captcha isn’t a feature to keep your account secure, so this request makes no sense.

2FA keeps people from getting into your account because they need access to your email also to get the 2FA code. Captcha is meant to protect Roblox services from automated access. If 2FA circumvented captchas, bots would spend 2 extra REST calls to turn on 2FA and then be completely free to do whatever they want on the platform.

14 Likes

That’s not the point of this request.

For a user who already verify their Email and Phone number should already be proven that they are Human, if so then why present them with CAPTCHA?

CAPTCHA is meant to deter or at least slow down bots but why should it degrade legit user’s UX

this has nothing to do with account safety, it’s about improving UX and QOL while trying to get into your account and do other things as a legit user.

3 Likes

All bot accounts already have verified email addresses since 2016. They will surely have one now as well.

The only requirement to turn on 2FA is to have a verified email, so your request fundamentally does not work.

4 Likes

I see, what about phone verification?

Is it possible to verify all of their bots with phone numbers?

1 Like

Maybe that would work, but Roblox would never implement that because only a small % of users supply their phone number on their account, so implementing the feature is not worth the time sunk.

5 Likes

That’s unfortunate, then our only hope is for Roblox to use a different and better CAPTCHA service.

When I said 2FA enabled I mean they would also have to fill in the code to login, not just enabling it would disable CAPTCHA, does this change the situation or is it easy for bot farms to pull login codes from their email?

2 Likes

It’s trivial to automate, yeah.

2 Likes

Plainly speaking, if a human can easily set up an account and add 2FA then a bot can 100% do it with ease. Seeming as the formatting of these e-mails is trivial:
image
Anyone who is half decent at programming can program a bot to scan emails - especially the e-mail source, which in this case all you have to do is send the associated ticket to: https://www.roblox.com/account/settings/verify-email. I’m very confident a bot is capable of doing this in a matter of seconds if not less, especially when your bot which is farming accounts is automatically able to feed itself all the information - unlike a human it has quick access to a database, it doesn’t take it a moment to remember and type in the password either.

You have to remember at the end of the day CAPTCHA has a lot more benefits then issues, the amount of bots it has likely thwarted - it just slows down the people who are sad enough to run these networks. If it didn’t exist then we’d see tons more service disruptions as well as a lot more people getting scammed by those dumb bots saying “you can get robux at clearly.fake.url.rubl0x.com!! become me and get 10 million robux for free!!!”. Not to mention, if the thing using the bots is hit with a CAPTCHA it can’t move on until its completed.

I know how it feels to be in your situation.
I’m at University so I always get CAPTCHA which until recently hasn’t changed - one time it literally broke so I did a 40 minute stream of myself attempting to solve it (admittedly it became CAPTCHOTP - Completely Automated Public Turing test to keep Computers and Humans Off The Platform).

But I’d rather waste 10-15 seconds doing a CAPTCHA then see more bots on the platform. The unfortunate reality is however, bots are getting smarter so they can’t be too simple - but they have to also accommodate for little kids who might be a bit slower.

7 Likes

Bots aren’t getting smarter per-say. The third-party service to where captchas are solved are getting much more efficient due to increased demand. There’s really no middle ground for these types of things because a computer or automation can’t account for the age of the user or the speed the user may click. The best it can do is “just guess”. Roblox has though been slowly taking steps to make captchas harder to solve by limiting a lot of factors out there. While I do also find it an annoyance (I go to a university as well), I see it as a better alternative than something much more invasive.

3 Likes