I do not intend to "rant", however in some respects this is. To cut to the chase, the Mojang account is not a holy grail, it's not our bank accounts. Heck, there's less steps to accessing my bank account than my Mojang account. The main issues:
1. You do not need a Captcha on every single page. Log In? Captcha. Answer the security questions right after that captcha? Another captcha. Switch accounts? Captcha. Posting this post? Yet another Captcha. Throwing captchas on every single page does not magically make it more secure; if you do want that many captcha, use the ones you can click to activate that use metadata and arrival information to more accurately determine bots from people and don't mess with impaired individuals.
2. The security questions are not useful. Most of them are oppinion based. I can hardly remember my favorite movie yesterday, I'm likely not going to remember it from 3 years ago. If I save it to a notes file, then why not just use a password in that case, which can't be guessed as easily? Of the more permanent questions, such as grandmothers' name, that's arguably even worse as anyone with a lick of my information can find that information with a brief search. Not only are they annoying, they are ineffective as security measures.
I suggest a re-analysis of the security needs of the website and look at solutions that are less impeding. A singular captcha per session, for instance, or use of click-captchas.
Please sign in to leave a comment.