Enable CAPTCHA in password reset
Use the password_reset.captcha.ignore property to enable or disable requiring a CAPTCHA challenge when a user resets their password.
Set password_reset.captcha.ignore to the recommended value of false to require a CAPTCHA challenge for a user to reset their password. Set the value to true to ignore the CAPTCHA option for a password reset.
CAPTCHAs help prevent automation attacks by prompting the user for a challenge-response that is not easily answered by automated systems. If CAPTCHA is disabled, an attacker may be more successful during automated attacks against the password reset feature.
注:
This property is used for password reset automation only.
More information
| Attribute | Description |
|---|---|
| Property name | password_reset.captcha.ignore |
| Configuration type | System Properties (/sys_properties_list.do) |
| Category | Authentication |
| Purpose | This property is used to enable or disable CAPTCHA validation during password reset. |
| Recommended value | false |
| Configuration type | Boolean |
| Security risk | (Moderate) Unideal value may result in security vulnerability. |
| Security risk rating | 5.5 |
To learn more about adding or creating a system property, see Add a system property.