Yes you still need recaptcha simply to avoid password stuffing attacks. | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		theappsecguy 3 months ago \| parent \| context \| favorite \| on: Lightweight open source reCaptcha alternative Yes you still need recaptcha simply to avoid password stuffing attacks.

damsalor 3 months ago [–]

Certainly not in the mentioned 2fa scenario.

I would guess that simple rate limiting would do the trick for the rest

Zak 3 months ago | [–]

Rate limiting does not solve this problem because botnets often don't make repeated requests from the same IP address. 2FA does solve it.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact