So I have a theory I’d love someone to test for me. I get a lot of brute force attacks on some of my sites and it’s all scripted I’m sure.
If one were to put a check box on the login screen – or a captcha. Wouldn’t that be as effective for blocking scripted brute force attacks as some of the other methods like two-step authentication.
I realize two-step is far more secure than captcha – but I would think a captcha would at least block scripts from trying to login.