I can imagine it being a reasonable option for someone who felt they needed to allow https router login from WAN. Maybe even an option on LAN although if you don't trust your LAN traffic then it should probably be on an isolated Guest/VLAN. But in any case, an option - not mandatory!
While I do not know how to do that, disable or bypass the "captcha" routine, I just see Red at the very mention of the word. Nowhere ever, have I encountered a piece of software more detested then captcha! The developer seems to have absolutely no regard for human nature, not knowing when "enough is enough"! I refuse to use it. If I have to bypass the choice I was seeking because of captcha hell, then so be it…
As a developer who has needed to implement captchas, I would defend their usage in some cases. However these days with web app forms it's usually the less-annoying Google recaptcha format, which gets progressively more obstructive with successive failures. That's generally enough to prevent a brute force attack on a form, or slow it down to a point where it's not worth the effort to crack in most cases, without annoying the genuine user who shouldn't be needing double-figure attempts to log in.Nowhere ever, have I encountered a piece of software more detested then captcha! The developer seems to have absolutely no regard for human nature, not knowing when "enough is enough"!
So, I like this feature very much.3. LOCAL ADMINISTRATION
- Is there a CAPTCHA option for logging in? (D-Link offers this)
Could not possibly disagree with you more. It is annoying and offers no security improvement to add a captcha to the LAN login screen. None whatsoeverThis is a great improvement for Asuswrt. I know many people don't like it, but it's a great feature for protect people.
As early as about five years ago, independent security personnel suggested that all soho router manufacturers should add a CAPTCHA to the administration page, and then D-Link took the lead in implementing this function, and security personnel suggested that it be used as an indicator for purchasing soho routers.
Like Michael Horowitz wrote in the router security checklist:
So, I like this feature very much.
But I hope it will not be displayed every time, but only after entered the wrong password multiple times.
Could not possibly disagree with you more. It is annoying and offers no security improvement to add a captcha to the LAN login screen. None whatsoever
|S||Release ASUS RT-AC3100 Firmware version 18.104.22.168.386.48260||ASUSWRT - Official||0|
|S||Release ASUS RT-AC3100 Firmware version 22.214.171.124.386.46065||ASUSWRT - Official||0|