Human Tests: Turing Image and Face Recognition

Human Tests

Also known as a Turing test, a Human test challenges users to determine whether requests come from a piece of software (a bot, script, etc.) or a real human.

AfterFail Plugin

If Strongbox::Plugin::Turing::AfterFail is enabled in @plugins, the Human test appears to users only after a login failure event has happened, which provides an easier user experience.

Face Recognition Test

The user has to click on 4 female faces. This provides a stronger test than a traditional CAPTCHA, but it may be confusing, culturally inappropriate or even offensive for some customers.

Text Recognition Test

The login page has fields not only for the username and password, but also for the “secret word” shown in an image on the login form, known as a “CAPTCHA”. This also applies to the face recognition Human test. This feature helps protect against automated “dictionary” or “brute force” attacks, where thousands of username and password combinations are attempted. Because the cracker’s software cannot tell what word is shown in the image, such login attempts will never be approved and your site is essentially immune to such attacks.

Bluff Mode

Only an actual human reading the word each time and typing it in correctly can be granted access, or at least that’s what crackers think. In fact, the Turing image feature can be set to “on”, “off”, or “bluff”. Sometimes legitimate users may enter the wrong word or not enter the word at all, so some webmasters like to turn it off. On the other hand, it’s very effective at chasing away would-be attackers, so many like to have it on. Strongbox allows you to get the best of both worlds with “bluff” mode. In bluff mode the image shows up and users are prompted to type the word in along with their username and password, which scares off attackers, but in fact entering the word incorrectly won’t keep them from logging in, so legitimate members have no problems. Fully “On” is the default.

To switch it to “bluff mode”, open cgi-bin/sblogin/ and set the configuration variable $image_login to 0. To switch it to “on” mode, open cgi-bin/sblogin/ and set the configuration variable $image_login to 1. To turn the Human tests completely off, disable the Turing plugins in the Strongbox configuration file.
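
The following Perl sketch is an added illustration, not Strongbox code: it models what the “on” and “bluff” settings and the AfterFail plugin each enforce for a client that never answers the image correctly. The subroutine names, the per-client failure counter and the way AfterFail combines with bluff mode are assumptions made for the example.

```perl
use strict;
use warnings;

# Hypothetical model of the settings described above; not Strongbox source.
# $image_login uses the page's values: 1 = "on", 0 = "bluff".
# $after_fail models Strongbox::Plugin::Turing::AfterFail being in @plugins.
# Assumption: AfterFail counts earlier failures from the same client.

# Is the Human test displayed on this attempt?
sub test_shown {
    my ($after_fail, $prior_failures) = @_;
    return 1 unless $after_fail;
    return $prior_failures > 0 ? 1 : 0;
}

# Is the attempt granted? Arguments are passed as a hash.
sub login_granted {
    my (%a) = @_;
    return 0 unless $a{password_ok};
    return 1 unless test_shown($a{after_fail}, $a{prior_failures});
    return 1 if $a{image_login} == 0;    # bluff: the answer is not enforced
    return $a{answer_ok} ? 1 : 0;        # on: the answer must be right
}

# Constructed input: three attempts from one client that never answers the
# image correctly; only the last attempt carries the right password.
my @attempts = (
    { password_ok => 0, answer_ok => 0 },
    { password_ok => 0, answer_ok => 0 },
    { password_ok => 1, answer_ok => 0 },
);

for my $image_login (1, 0) {
    for my $after_fail (0, 1) {
        my $failures = 0;
        my @outcome;
        for my $try (@attempts) {
            my $ok = login_granted(%$try, image_login => $image_login,
                after_fail => $after_fail, prior_failures => $failures);
            push @outcome, $ok ? 'granted' : 'denied';
            $failures++ unless $ok;
        }
        printf "%-5s AfterFail=%d  %s\n",
            $image_login ? 'on' : 'bluff', $after_fail, join(', ', @outcome);
    }
}
```

In this model only the “bluff” rows grant the third attempt, which is the trade-off the Bluff Mode section describes: the image deters, but the answer is not enforced.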