Is there anything more fun than the Captcha game at AWS login?


I must say, I do enjoy the average of 3-5 times it takes to accurately complete the random character captcha security check each time I try to login to AWS from the web console or the mobile app. Nothing says "convenience" like authenticating against bots on my own mobile device or trusted workstation.

In case you missed the tone of the above, this is sarcasm. Now for the constructive criticism:

Captcha image checks are supposed to protect against rogue hacking scripts. I wouldn't mind it as much if the images were clear and accurate, but, as I indicated above, they rarely translate into the accepted answer. Additionally, AI is making these types of checks obsolete as well, so image checks are starting to show their age.

AWS, please accept this constructive criticism and an area that would make your customer experience improve dramatically.

  • I have to agree - the AWS captcha is really, really sucky - I get the captcha 100% of the time when logging in, and can almost never figure out what the characters are. It fails about 90 percent of the time. (and I have 20/20 vision) I have to resort to the audio version of the captcha which obviously takes tons of time. Really hope the Amazon will fix this because this visual captcha is totally useless today. Very frustrating. I also tried to turn on MFA in hopes of getting rid of the captcha all together - no luck

  • Agree - just took me > 10 tries to login. Completely ridiculous..

  • It would also will be less anoying if that session will survive more then a few hours. Or captha will not be used when account has MFA.

  • I agree. When I have 2FA, I don't think that this captcha that is terribly annoying, is anywhere useful. Even on my Android phone, I get this captcha. Imagine logging on your Android phone, or into your bank app on your phone required, beside the fingerprint sensor, an Amazon-quality captcha :(

  • Completely agree, the captcha is incredibly annoying and can cause logging in to take 10 minutes of repeated tries at matching the 6 characters. Relieved to hear that even people with 20/20 vision have trouble with this. I was hoping to find a config setting that would turn this off for our account, but I don't see one mentioned here. Hoping enough people complain that AWS will allow turning off captcha.

1 Answer

In my experience, I only get the captcha challenge when using the the root account login. AWS IAM Security best practices recommend the use of IAM Admin User accounts for day-to-day use.

When configured with MFA, IAM Users don't get challenged by captcha.

answered 2 years ago
  • That's a great tip, Daniel, and, certainly, one worth exploring. I'm familiar with superuser best practices, but I can see how a good portion of users are utilizing their root account (especially if they are in a set-and-forget-it situation with their application).

    Thanks for the link!

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions