CAPTCHA, MFA, and Verification Limits
Rihario cannot automatically solve CAPTCHAs, handle multi-factor authentication (MFA), or complete age verification. These are intentional security measures that require human input. When encountered, exploration is marked as BLOCKED, and you can take control to handle them manually.
CAPTCHA
What Happens
When a CAPTCHA is encountered:
- AI detects CAPTCHA is present
- Exploration stops automatically
- Status marked as BLOCKED
- Reason: "CAPTCHA detected"
- You can take control to solve manually
Why CAPTCHAs Block Testing
CAPTCHAs are designed to prevent automation:
- Security measure - Prevents bots and automated tools
- Requires human input - Needs visual or cognitive recognition
- Cannot be automated - By design, prevents automation
How to Handle CAPTCHAs
- Use test environment - Disable CAPTCHAs in staging/test environments
- Take control manually - Pause exploration, solve CAPTCHA, resume
- Whitelist IPs - If possible, whitelist Rihario servers
- Use test accounts - Create accounts that bypass CAPTCHA
Multi-Factor Authentication (MFA)
What Happens
When MFA is required:
- AI submits login form
- MFA prompt appears
- AI cannot provide MFA code
- Exploration marked as BLOCKED
- Reason: "MFA prompt detected"
Why MFA Blocks Testing
MFA requires human input:
- Security requirement - Needs second factor (SMS, authenticator app, etc.)
- Requires human action - Cannot be automated
- Time-sensitive - Codes expire quickly
How to Handle MFA
- Use test accounts without MFA - Create accounts for testing
- Disable MFA in test environment - Turn off MFA for staging
- Take control manually - Pause, authenticate, resume
- Pre-authenticate - Log in manually before starting exploration
Age Verification
What Happens
When age verification is required:
- Age gate appears
- AI cannot confirm age
- Exploration may be BLOCKED
- May attempt to proceed (varies)
How to Handle Age Verification
- Disable in test environment - Remove age gates for testing
- Take control manually - Handle verification manually
- Use test environment - Test on staging without age gates
Other Verification Limits
Email Verification
- Cannot access email - Rihario cannot check email inboxes
- Manual verification - You must verify emails manually
- Use test accounts - Pre-verified test accounts
SMS Verification
- Cannot receive SMS - Rihario cannot receive text messages
- Manual verification - You must enter SMS codes
- Use test accounts - Accounts without SMS verification
Payment Verification
- Cannot process payments - Rihario cannot enter payment info
- Use test mode - Test payment systems in test mode
- Skip payment flows - Focus on other parts of your app
Best Practices
For Testing
- Use staging/test environments - Disable security measures for testing
- Create test accounts - Accounts without MFA, CAPTCHA, etc.
- Whitelist IPs - If possible, bypass CAPTCHA for Rihario IPs
- Pre-authenticate - Log in manually before exploring
When You Must Test With Security
- Take control manually - Handle CAPTCHA/MFA yourself
- Test specific flows - Focus on flows after authentication
- Accept limitations - Some flows can't be fully automated
Understanding BLOCKED Status
When exploration is BLOCKED:
- Not a bug - This is expected behavior
- Security working - Your security measures are functioning
- Manual intervention needed - Requires human action
- Can continue - Take control and resume exploration
Limitations Summary
Cannot automate:
- CAPTCHA solving
- MFA code entry
- Age verification
- Email verification
- SMS verification
- Payment processing
Workarounds:
- Use test environments
- Create test accounts
- Disable security measures for testing
- Take control manually