<@U034XM56S82> hi, there is much discussed in the ...
# talk-kratoss
swift-chef-97535
10/31/2022, 10:38 AM@big-agent-51580 hi, there is much discussed in the issue. Its probably best to begin with a very concrete use case and platform , see the IOS discussion, and then add it to the issue. Is this a feature your users are asking for, or are other second factors better i.e. less friction for customers?
b
big-agent-51580
10/31/2022, 10:40 AMHi @swift-chef-97535 It is more us that are asking for this as to prevent credential stuffing is the primary use case here for me
s
swift-chef-97535
10/31/2022, 10:43 AM@fast-lunch-54279 can you take this?
m
magnificent-energy-493
10/31/2022, 11:06 AM
Hey Robert, Ory checks credentials against haveibeenpwned by default, that would also help.
Captcha or something similar to prevent large scale automated login requests is also on the roadmap for Ory Network. Will follow up with some details.
b
big-agent-51580
10/31/2022, 12:03 PM@magnificent-energy-493 nice. thank you
big-agent-51580
10/31/2022, 12:04 PMWe are evaluating a new captcha provider for our teams right now. that is why I ask if Ory already has something in place or in the pipeline
big-agent-51580
10/31/2022, 12:04 PMwe are thinking about https://friendlycaptcha.com/
f
fast-lunch-54279
10/31/2022, 12:05 PM
Hey Robert, three things here:
• Ory will automatically show captchas on suspicious activity when using the Ory Network, using our edge protection service
• You can add this explicitely yourself if you want more control, by using a blocking webhook in the login flow
• We'll add more options, intelligence and control as we move on, as Vincent says!
fast-lunch-54279
10/31/2022, 12:06 PM
so, i think you could just integrate friendly captcha into your sign up or login flow if you want explicit control, as we don't offer that [yet]
b
big-agent-51580
10/31/2022, 12:11 PMok. thanks for clarification @swift-chef-97535