Security updates: reCaptcha and Two-factor Authentication

  • Comment

As we continue to add features like Donation Points to our services, the security of your account becomes more and more important. To that end, the team has been working to provide you with updated systems and tools that will help to ensure that your account and content do not fall into the wrong hands. 

reCaptcha

Many of you have no doubt already noticed the first of these new features when logging in to the website, known as reCaptcha. Most of the time, this system will not require any input from the user, but if deemed necessary, you may be presented with a challenge or puzzle that is intended to be easy to solve by us humans but prove difficult for bots. Only after carefully reading and successfully completing the challenge, will you be able to log in. 

We realize that this may be a bit of an annoyance, but we feel these systems are necessary to help ensure that our services are not compromised, keeping your accounts and content secure. More information about our primary captcha service can be found here: https://support.google.com/recaptcha/



Though most people will see Google's reCaptcha 2 system, if it fails to load for whatever reason, the website will fall-back to a similar alternative. Only when you are logging in will this affect you. So as long as your account remains logged in on your device(s) of choice, you will not be bothered by this minor hurdle (though always be sure to log out when using a public device, of course).


Two-factor Authentication

The more recent addition to our account security suite is known as Two-factor authentication. When enabled, this system serves two purposes. First, it is designed to keep your account secure by ensuring that you, and only you, have access to your account. Secondly, it provides a method to regain access to your account in the event that you lose control of the email address associated with it.



Though optional, we highly suggest that you enable this feature to help ensure the security of your account. More detailed information about our new Two-factor Authentication system can be found here: https://help.nexusmods.com/article/74-two-factor-authentication-for-nexus-mods

That's all for now. We hope that these new systems serve you well. If you have any questions or concerns, comment below or contact [email protected] 

Cheers!

53 comments

  1. LadyHonor
    LadyHonor
    • supporter
    • 709 posts
    • 21 kudos
    This is so dumb. I usually like the sites upgrades, but this one is nothing but a pain. When I accessed it with my pc all I had to do is click "I am not a robot." When I accessed it with my cellphone I had to do the captcha thing that was nearly impossible to read. I finally had to use the audio thingie to say it for me. If it has to be there it would make much more sense to only have to click the I am not a robot for cell access and do the captcha thing for your pc browser.
  2. ozzyfan
    ozzyfan
    • member
    • 94 posts
    • 6 kudos
    I'd prefer a tap/click-to-solve authentication to ones where you have to type out words. More convenient for mobile phone users.
  3. customtemplar
    customtemplar
    • supporter
    • 132 posts
    • 5 kudos
    This is a step in the right direction, but SMS based 2FA is not very robust as its vulnerable to interception. Hopefully TOTP 2FA can be implemented soon.
  4. TheCaptain19WingNut
    TheCaptain19WingNut
    • supporter
    • 99 posts
    • 0 kudos
    "Most of the time, this system will not require any input from the user, but if deemed necessary, you may be presented with a challenge or puzzle that is intended to be easy to solve by us humans but prove difficult for bots." THIS HAPPENS EVERY DAMN TIME I TRY TO LOG IN!! The text is completely unreadable. It takes usually 6+ tries and dozens of reloading the text to get one I can kinda guess the letters of. It is anything but "easy for us humans" and nothing but an annoyance that DOES NOT HELP WITH SECURITY. Just read this: https://www.komando.com/happening-now/355395/captcha-codes-are-more-than-just-annoying-theyre-putting-your-security-at-risk. This is completely useless.
    1. TheCaptain19WingNut
      TheCaptain19WingNut
      • supporter
      • 99 posts
      • 0 kudos
      Well it only took 2 dozen time today. WTF!!!!! Its about time nexus had some competition. This used to be a good site but its been getting worse. They dont support NMM anymore and the re-captcha is a damn joke.
    2. Mk15dap3sLVLghnQfIzftlkNU4
      Mk15dap3sLVLghnQfIzftlkNU4
      • supporter
      • 68 posts
      • 1 kudos
      I'll add this here:
      "Google's new CAPTCHA security login raises 'legitimate privacy concerns'"
      https://www.businessinsider.com.au/google-no-captcha-adtruth-privacy-research-2015-2

      Partial summary. Google ReCaptcha doesn't just check if you're human, it identifies you as a specific individual and tracks your travels across the Internet (e.g. including sites with Google captcha logins). When you use their recaptcha, they also place / update a Google cookie to remember where you individually have been / your activities. They use a mix of fingerprinting techniques (anonymity-defeating techniques), including examining all info about your browser, including which browser addons you have installed. In other words, it's Google.
    3. CyniclyPink
      CyniclyPink
      • supporter
      • 725 posts
      • 8 kudos
      Im really looking forward to the reply for this.....

      "Google's new CAPTCHA security login raises 'legitimate privacy concerns'"
      https://www.businessinsider.com.au/google-no-captcha-adtruth-privacy-research-2015-2
    4. Xz0mb13killaX
      Xz0mb13killaX
      • member
      • 177 posts
      • 3 kudos
      the mere act of casually browsing mods isn't even fun anymore.........
  5. Dipanjanc33
    Dipanjanc33
    • member
    • 425 posts
    • 2 kudos
    Well new problem found, the second recaptcha (the one with number challenge) just keeps giving me error of my code being wrong every time reloading doesn't work and I have to restart my whole browser and reconnect my net to get first recaptcha (the one with a blue arrow) and then I'm finally able to login
    Don't think it's properly working for me
    1. Pickysaurus
      Pickysaurus
      • Community Manager
      • 3,882 posts
      • 104 kudos
      We made some changes to the system over the last couple of days so it should be working as expected for everyone now.
    2. Dipanjanc33
      Dipanjanc33
      • member
      • 425 posts
      • 2 kudos
      Ok now that's what i like about this community , instant reply with instant system fix(or say check)
      anyway really appreciate the reply and thanks again for taking your time for replying
  6. NexusChrono75
    NexusChrono75
    • member
    • 86 posts
    • 2 kudos
    It's gonna be authentic with ReCaptcha anyone?
  7. Rodjama
    Rodjama
    • supporter
    • 49 posts
    • 0 kudos
    I had major issues with the captcha mechanism on my gaming machine. When enabling the audio, it doesn't match what's on the screen...
    After several attempts with & without the audio clues, I gave up.
    This was yesterday, but today no issues of course logging in & did not have to fill out that silly captcha rubbish

    Very odd!.
  8. Balx2
    Balx2
    • premium
    • 122 posts
    • 1 kudos
    2FA is good news but something changed and now I can't log into the forums at all. I click on forums and then on the log in button and it says I am already logged in and the page it redirects to doesn't have a log out option. Could probably fix it by deleting cookies and session data but I should not have to do that and most people wouldn't know to try doing that.
    1. Pickysaurus
      Pickysaurus
      • Community Manager
      • 3,882 posts
      • 104 kudos
      Please log out from the site and login again, you have outdated cookies stored in your browser :)
    2. Balx2
      Balx2
      • premium
      • 122 posts
      • 1 kudos
      Thanks Pickysaurus, appreciate that you took the time to respond to my comment.
    3. Rodjama
      Rodjama
      • supporter
      • 49 posts
      • 0 kudos
      ....
  9. 0xfeeddeadbeef
    0xfeeddeadbeef
    • premium
    • 3 posts
    • 0 kudos
    What about adding FIDO key (Yubikey, etc) as another 2FA option?
  10. ConnieandMike
    ConnieandMike
    • supporter
    • 45 posts
    • 0 kudos
    I don't mind the capta but when it starts wanting me to click on pictures that have this or that in them... I can't stand that. It just goes on & on sometimes.
    1. Kenrox
      Kenrox
      • member
      • 1,138 posts
      • 12 kudos
      Cause you are a robot.
      Gotcha!
    2. Dipanjanc33
      Dipanjanc33
      • member
      • 425 posts
      • 2 kudos
      And robots don't complain!!!
    3. Moksha8088
      Moksha8088
      • member
      • 5,532 posts
      • 40 kudos
      I think one of the first rules of robotics is that the robot is supposed to comply provided you have purchased both the robot enabling microtransaction and a set of the Doom Marine Power Armor.
    4. Black Jack 11
      Black Jack 11
      • member
      • 282 posts
      • 4 kudos
      Give me the pictures over the word reCaptcha i suck at the word reCaptcha
    5. BAPWAS
      BAPWAS
      • member
      • 2,498 posts
      • 32 kudos
      What if a Synth tries to log in? :D
      Jokes aside, ConnieandMike said it right. It just goes on and on most of the times (7-8 pictures sometime).
    6. Pickysaurus
      Pickysaurus
      • Community Manager
      • 3,882 posts
      • 104 kudos
      The number of image challenges is based on how convinced Google is that you're not a synth... once you've got passed them though you can stay logged in or it should require less challenges (or none) next time you try to login.
    7. Dubbyk
      Dubbyk
      • supporter
      • 756 posts
      • 9 kudos
      Lets hope it's more effective then the G.O.A.T. at spotting robots
    8. dubiousintent
      dubiousintent
      • premium
      • 5,407 posts
      • 29 kudos
      "It just goes on & on sometimes." Been there, had that.

      This can happen if you do not enable cookies from third-party sites (such as Google) or destroy them too quickly. You definitely need to enable persistent cookies from "*.Nexus.com" to avoid most of the recaptcha annoyance on your personal device.
REPORT BUG
Top