We're seeing a lot of spam account creation on Wiki's. https://phabricator.wikimedia.org/T327176 taught us that they're somehow getting around the Captcha that's already in place, and we thus identified the need for an additional security layer to make it harder for spammers to get around.
We want to introduce Questy, see: https://www.mediawiki.org/wiki/Extension:QuestyCaptcha, in addition to the existing Captcha.
Our bet is that this is a more effective solution than either ReCaptcha or HCaptcha, since it requires a set of questions and answers that can only be answered by legit users.
Link to figma file (please feel free to click around in the file, i've enabled "dev view" which removes the need for me to spec out everything individually (hopefully))
AC:
- Use Questy in combination with ConfirmEdit as a Captcha for Mediawiki
- End users (signing up) have to pass QuestyCaptcha when enabled on the Wikibase (use the usual MW design elements)
- Should be easily manageable by Wiki admins
- Wiki admins should be able toggle whether they want to enable/disable Questy
- Should be disabled by default
- should be collapsed by default
- Error cases are implemented