account login too restrictive
I've got two problems with login:
1) The verification email (which I have to do quite often because I clear cookies on browser restart) is valid for only a few minutes. That is too short because my email account has greylisting spam protection (https://en.wikipedia.org/wiki/Greylisting), which means the email arrives about 7 minutes late on average.
The short time span generally does not improve your security. I can't think of a realistic scenario against which you are protecting users or yourself with this. Do you assume your 512-bit token can be guessed? Or somehow that hackers have email access, but only 5 minutes slower than the owner? What strange hack should that be?
2) The captcha asks me from 3 to 8 times before it is sure I'm not a robot. Am I doing something wrong? I don't know. But it seems you are a lot more paranoid than any other website I use on the net.