Security updates: reCaptcha and Two-factor Authentication

  • Comment
As we continue to add features like Donation Points to our services, the security of your account becomes more and more important. To that end, the team has been working to provide you with updated systems and tools that will help to ensure that your account and content do not fall into the wrong hands. 

reCaptcha

Many of you have no doubt already noticed the first of these new features when logging in to the website, known as reCaptcha. Most of the time, this system will not require any input from the user, but if deemed necessary, you may be presented with a challenge or puzzle that is intended to be easy to solve by us humans but prove difficult for bots. Only after carefully reading and successfully completing the challenge, will you be able to log in. 

We realize that this may be a bit of an annoyance, but we feel these systems are necessary to help ensure that our services are not compromised, keeping your accounts and content secure. More information about our primary captcha service can be found here: https://support.google.com/recaptcha/



Though most people will see Google's reCaptcha 2 system, if it fails to load for whatever reason, the website will fall-back to a similar alternative. Only when you are logging in will this affect you. So as long as your account remains logged in on your device(s) of choice, you will not be bothered by this minor hurdle (though always be sure to log out when using a public device, of course).


Two-factor Authentication

The more recent addition to our account security suite is known as Two-factor authentication. When enabled, this system serves two purposes. First, it is designed to keep your account secure by ensuring that you, and only you, have access to your account. Secondly, it provides a method to regain access to your account in the event that you lose control of the email address associated with it.



Though optional, we highly suggest that you enable this feature to help ensure the security of your account. More detailed information about our new Two-factor Authentication system can be found here: https://help.nexusmods.com/article/74-two-factor-authentication-for-nexus-mods

That's all for now. We hope that these new systems serve you well. If you have any questions or concerns, comment below or contact [email protected] 

Cheers!

58 comments

  1. Gummiel
    Gummiel
    • member
    • 295 posts
    • 8 kudos
    Aww no option to use a 2FA app on your phone? Ofc this is better than nothing, and deffinatly a step in the right direction, but 2FA with email only is rather cumbersome to use, compared to an app on your phone
    1. kojak747
      kojak747
      • supporter
      • 1,226 posts
      • 123 kudos
      i prefer 2fa email tbh
    2. Gummiel
      Gummiel
      • member
      • 295 posts
      • 8 kudos
      Well I never said to replace it, but offer it as an option beside it, that said the kind of 2FA that utilize a phone app, is in fact more secure, since with a mail based system there is a mail that could be intercepted with the code needed to get into ones account, where as the app based 2FA dont have any data being send at at all, so they would literally have to hack into your phone first to then get the code
    3. acbatchelor
      acbatchelor
      • premium
      • 545 posts
      • 15 kudos
      I agree that there should be an option for 2FA by phone. It doesn't even have to be an app. I've seen it done by text message as well.
    4. AzureRaptor
      AzureRaptor
      • premium
      • 12 posts
      • 0 kudos
      I strongly second the motion for an optional TOTP-based 2FA system. It's really not that hard to set up, and considerably more secure than email-based 2fa - nor is it subject to email delays.
  2. GOLDENTRIANGLES
    GOLDENTRIANGLES
    • member
    • 487 posts
    • 4 kudos
    Looks good.
    1. JaxomPern
      JaxomPern
      • member
      • 2 posts
      • 0 kudos
      NO it does not look godd ;(

      I have now tried 2 WEEKS daily multiple times to login and recaptcha did not work and fallback did not Trigger!
      It is pure Luck it did trigger now! I Start toi really HATE Google recaptcha and Nexusmods gets more and more annoying.

      WHY ?! Money issus (Server) or whatever.. And i can't update my hardware or software just for fun to "meet" their expectations money is THERE an issue too ;)

      P.S. Please think about people not able to use "modern" browsers. And sometimes "modern browsesr are an annoyance too.
    2. KamranMackey
      KamranMackey
      • supporter
      • 22 posts
      • 0 kudos
      They're not going to focus on older hardware or browsers. It's 2018, they're just trying to adapt to newer technology. It's not their fault that your older hardware can't seem to exactly keep up. And it's not money issues, it's security issues. They need to enhance their security otherwise the risks of them getting hacked are higher.
  3. ConnieandMike
    ConnieandMike
    • supporter
    • 49 posts
    • 0 kudos
    I don't mind the capta but when it starts wanting me to click on pictures that have this or that in them... I can't stand that. It just goes on & on sometimes.
    1. Kenrox
      Kenrox
      • member
      • 1,151 posts
      • 16 kudos
      Cause you are a robot.
      Gotcha!
    2. Dipanjanc33
      Dipanjanc33
      • member
      • 551 posts
      • 3 kudos
      And robots don't complain!!!
    3. Moksha8088
      Moksha8088
      • supporter
      • 5,935 posts
      • 47 kudos
      I think one of the first rules of robotics is that the robot is supposed to comply provided you have purchased both the robot enabling microtransaction and a set of the Doom Marine Power Armor.
    4. Black Jack 11
      Black Jack 11
      • member
      • 284 posts
      • 4 kudos
      Give me the pictures over the word reCaptcha i suck at the word reCaptcha
    5. BAPWAS
      BAPWAS
      • member
      • 2,515 posts
      • 35 kudos
      What if a Synth tries to log in? :D
      Jokes aside, ConnieandMike said it right. It just goes on and on most of the times (7-8 pictures sometime).
    6. Pickysaurus
      Pickysaurus
      • Community Manager
      • 5,418 posts
      • 138 kudos
      The number of image challenges is based on how convinced Google is that you're not a synth... once you've got passed them though you can stay logged in or it should require less challenges (or none) next time you try to login.
    7. Dubbyk
      Dubbyk
      • supporter
      • 834 posts
      • 11 kudos
      Lets hope it's more effective then the G.O.A.T. at spotting robots
    8. dubiousintent
      dubiousintent
      • premium
      • 5,935 posts
      • 31 kudos
      "It just goes on & on sometimes." Been there, had that.

      This can happen if you do not enable cookies from third-party sites (such as Google) or destroy them too quickly. You definitely need to enable persistent cookies from "*.Nexus.com" to avoid most of the recaptcha annoyance on your personal device.
    9. anonymousgammer740
      anonymousgammer740
      • member
      • 621 posts
      • 0 kudos
      makes me wounder what they have agents robots . .
  4. LadyHonor
    LadyHonor
    • supporter
    • 734 posts
    • 21 kudos
    This is so dumb. I usually like the sites upgrades, but this one is nothing but a pain. When I accessed it with my pc all I had to do is click "I am not a robot." When I accessed it with my cellphone I had to do the captcha thing that was nearly impossible to read. I finally had to use the audio thingie to say it for me. If it has to be there it would make much more sense to only have to click the I am not a robot for cell access and do the captcha thing for your pc browser.
    1. anonymousgammer740
      anonymousgammer740
      • member
      • 621 posts
      • 0 kudos
      yea i don't like it either it is stupid and pointless to have a set up like that . i would never do something like that if i run a website .
  5. ozzyfan
    ozzyfan
    • member
    • 169 posts
    • 6 kudos
    I'd prefer a tap/click-to-solve authentication to ones where you have to type out words. More convenient for mobile phone users.
  6. customtemplar
    customtemplar
    • supporter
    • 141 posts
    • 5 kudos
    This is a step in the right direction, but SMS based 2FA is not very robust as its vulnerable to interception. Hopefully TOTP 2FA can be implemented soon.
  7. TheCaptain19WingNut
    TheCaptain19WingNut
    • supporter
    • 102 posts
    • 1 kudos
    "Most of the time, this system will not require any input from the user, but if deemed necessary, you may be presented with a challenge or puzzle that is intended to be easy to solve by us humans but prove difficult for bots." THIS HAPPENS EVERY DAMN TIME I TRY TO LOG IN!! The text is completely unreadable. It takes usually 6+ tries and dozens of reloading the text to get one I can kinda guess the letters of. It is anything but "easy for us humans" and nothing but an annoyance that DOES NOT HELP WITH SECURITY. Just read this: https://www.komando.com/happening-now/355395/captcha-codes-are-more-than-just-annoying-theyre-putting-your-security-at-risk. This is completely useless.
    1. TheCaptain19WingNut
      TheCaptain19WingNut
      • supporter
      • 102 posts
      • 1 kudos
      Well it only took 2 dozen time today. WTF!!!!! Its about time nexus had some competition. This used to be a good site but its been getting worse. They dont support NMM anymore and the re-captcha is a damn joke.
    2. Mk15dap3sLVLghnQfIzftlkNU4
      Mk15dap3sLVLghnQfIzftlkNU4
      • supporter
      • 75 posts
      • 1 kudos
      I'll add this here:
      "Google's new CAPTCHA security login raises 'legitimate privacy concerns'"
      https://www.businessinsider.com.au/google-no-captcha-adtruth-privacy-research-2015-2

      Partial summary. Google ReCaptcha doesn't just check if you're human, it identifies you as a specific individual and tracks your travels across the Internet (e.g. including sites with Google captcha logins). When you use their recaptcha, they also place / update a Google cookie to remember where you individually have been / your activities. They use a mix of fingerprinting techniques (anonymity-defeating techniques), including examining all info about your browser, including which browser addons you have installed. In other words, it's Google.
    3. CyniclyPink
      CyniclyPink
      • supporter
      • 787 posts
      • 9 kudos
      Im really looking forward to the reply for this.....

      "Google's new CAPTCHA security login raises 'legitimate privacy concerns'"
      https://www.businessinsider.com.au/google-no-captcha-adtruth-privacy-research-2015-2
    4. Xz0mb13killaX
      Xz0mb13killaX
      • member
      • 178 posts
      • 3 kudos
      the mere act of casually browsing mods isn't even fun anymore.........
  8. Dipanjanc33
    Dipanjanc33
    • member
    • 551 posts
    • 3 kudos
    Well new problem found, the second recaptcha (the one with number challenge) just keeps giving me error of my code being wrong every time reloading doesn't work and I have to restart my whole browser and reconnect my net to get first recaptcha (the one with a blue arrow) and then I'm finally able to login
    Don't think it's properly working for me
    1. Pickysaurus
      Pickysaurus
      • Community Manager
      • 5,418 posts
      • 138 kudos
      We made some changes to the system over the last couple of days so it should be working as expected for everyone now.
    2. Dipanjanc33
      Dipanjanc33
      • member
      • 551 posts
      • 3 kudos
      Ok now that's what i like about this community , instant reply with instant system fix(or say check)
      anyway really appreciate the reply and thanks again for taking your time for replying
  9. NexusChrono75
    NexusChrono75
    • member
    • 90 posts
    • 2 kudos
    It's gonna be authentic with ReCaptcha anyone?
  10. Rodjama
    Rodjama
    • supporter
    • 51 posts
    • 0 kudos
    I had major issues with the captcha mechanism on my gaming machine. When enabling the audio, it doesn't match what's on the screen...
    After several attempts with & without the audio clues, I gave up.
    This was yesterday, but today no issues of course logging in & did not have to fill out that silly captcha rubbish

    Very odd!.
Top