Replace the HTTP Authentication with a login page

Horizon

Hello,
I thought about a new idea which is to replace the HTTP Authentication prompt with a login page instead.
This would also allow you to put a captcha on the page to prevent bots from trying to bruteforce the admin credentials.
This way with a captcha you can ban for e.g. 1 hour any IP address that failed the captcha 3 times, additionally to banning IPs if they fail authentication (wrong password) too many times.
I think that HTTP Authentication is rather very weak and is super-easy to bruteforce without having to parse any HTML or decode any captchas.
For the captcha a novel way to do it is by generating vector graphics that visually like letters but are actually tiny illogically positioned vector shapes.
This makes it harder for script-kiddies to try bruteforcing the captchas automatically since almost zero ready-made script online supports SVG captcha (not even converting to PNG then decoding).
Example: https://github.com/NikolaiT/SVG-Captcha
And with overlapping background 'noise' such as background letters, it's even possible to create one single weirdly shaped letter that merges as one shape both the front & the rear one behind.
There has indeed been efforts in decoding them thoughn as seen here:
https://github.com/AmireNoori/SVG-Captcha-Solver
However we can pretty much already decode PNG or JPG captcha anyway, and SVG allows any device to properly render the letters for accessibility purposes.
We can as well ward off the 'noobs' / script-kiddies this way and only have to focus on the 'more intelligent' threats this way, which is still somewhat pretty beneficial.
The login page I suggest would look very much native just like other Abyss Web Server forms:

The captcha part would however only be shown to non-localhost IP addresses (not 127.0.0.0/8 or ::1).
Also, HTTP Authentication was many times in risk of disappearing from Web browsers in the past (it was scheduled to be deprecated & removed more than once).
I hope that we can replace this HTTP Authentication with a simple login form, and it would even be able to 'remember login' for e.g. 1 day so that we don't have to relog again until next day from the same web browser (using a cookie).

devastator82

I am skeptical about this suggestion.
In my opinion, there is no issue in protecting the web console behind a router with VPN software running on it. This approach ensures both safety and eliminates any potential troubles.
All I need to do is connect my device to the hidden port of the VPN, and voila! I can log into the web console without having to enter my credentials. This is because my Safari browser has automatically saved them.

admin

Horizon,
HTTP authentication will eventually be offered as a legacy login method. We will be moving to modern schemes for the newer revisions.
Captchas may not be the best way to harden the login page.
What about TOTP https://en.wikipedia.org/wiki/Time-based_one-time_password ? It may be better in the long run.