What is Rate Limiting / Account Blocking / CAPTCHA?

To ensure the security and stability of our authentication systems, Prowise uses multiple protective measures including rate limiting, CAPTCHA verification, and account blocking. These mechanisms work together to prevent abuse, reduce system load, and protect user accounts—especially those of younger users.

Rate Limiting

Rate limiting helps prevent automated misuse by temporarily slowing down or rejecting requests when unusual patterns are detected. These patterns may include:

  • Excessive requests from a single source (e.g., IP address or browser session)

  • Unusual interest in a single user account (e.g., repeated login attempts for the same email or username)

  • Behaviours that indicate possible scripting or automation

Soft Limits

When a soft threshold is reached:

  • Further requests may trigger a CAPTCHA challenge to confirm the user is human.

  • This CAPTCHA is privacy-friendly and EU-based. No personal data or IP address is shared with the provider.

  • CAPTCHA is completed silently in the background, typically requiring no user interaction.

Hard Limits

If a hard limit is triggered:

  • All related requests are blocked temporarily.

  • The block expires automatically after a delay.

  • To protect against abuse, we do not disclose the exact thresholds or expiry durations, and these may change over time.

These limits are designed to protect the system without affecting regular usage.

Account Blocking (Primarily for Picture Login)

For Picture Login—used mostly by students—additional safeguards are in place:

  • When repeated failed attempts are made to log in to the same account (often caused by multiple students selecting the wrong profile), the account may be blocked.

  • This is especially important due to the lower complexity of picture and student text passwords.

  • A blocked account cannot be accessed until it is manually unblocked by a teacher or administrator.

Administrators can configure how many failed attempts are allowed before blocking occurs by adjusting Picture Login settings in the Account Management portal.

What is CAPTCHA?

CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart".

  • It is designed to detect bots or automated scripts.

  • While Google’s reCAPTCHA is widely known, we use an EU-based, privacy-focused CAPTCHA provider.

  • To protect your data, we proxy all CAPTCHA interactions—no IP addresses or user identifiers are shared.

  • The system collects browser-based signals (such as movement and activity) to assess whether the user is human.

  • This check runs in the background and may delay login or password validation by a few seconds.

Troubleshooting

If you're experiencing issues accessing your account or seeing CAPTCHA unexpectedly, contact your administrator or visit our Troubleshooting Login Issues guide.