Hi All,

  The current Firefox Accounts API does not have any protections around
account-creation - you submit an email address and password, click the
verification link, and you're done.

  Should we be looking to add a captcha or similar into this flow to
limit signups to Real Humans Only?

  My instinct says no, as we've not had a good experience with captchas
in the past - IIRC there was a bug filed to disable them in
the Sync account creation flow because they were more trouble than not.

  The alternative is to do request-level rate limiting, which is already
in the works and could easily be special-cased to add stronger limits on
the account-creation API.


  Thoughts?


    Ryan
_______________________________________________
Sync-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/sync-dev
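
A sketch of the request-level rate limiting with a stronger, special-cased limit on account creation that the message proposes. This is an added example, not code from the message or from the Firefox Accounts server; the route name "/account/create", the limit values and the choice of client IP as the key are all assumptions made for illustration.

```javascript
// Added example; route names, limits and the per-IP key are assumptions.
const DEFAULT_RULE = { max: 30, windowMs: 60 * 1000 };
const ROUTE_RULES = new Map([
  ["/account/create", { max: 3, windowMs: 15 * 60 * 1000 }], // stricter special case
]);

class RateLimiter {
  constructor(now = () => Date.now()) {
    this.now = now;        // injectable clock, so the windows can be tested
    this.hits = new Map(); // "bucket|client" -> timestamps of accepted requests
  }

  check(clientIp, route) {
    const special = ROUTE_RULES.get(route);
    const rule = special || DEFAULT_RULE;
    // A special-cased route gets its own counter, so ordinary traffic
    // neither spends nor masks the account-creation budget.
    const key = `${special ? route : "*"}|${clientIp}`;
    const t = this.now();
    const recent = (this.hits.get(key) || []).filter((ts) => t - ts < rule.windowMs);
    this.hits.set(key, recent);
    if (recent.length >= rule.max) {
      // Rejected requests are not recorded, so retries do not extend the block.
      const retryAfterSec = Math.ceil((recent[0] + rule.windowMs - t) / 1000);
      return { allowed: false, retryAfterSec };
    }
    recent.push(t);
    return { allowed: true, remaining: rule.max - recent.length };
  }
}

// Constructed scenario: one client sends five signup requests, 10 s apart.
function demo() {
  let clock = 0;
  const limiter = new RateLimiter(() => clock);
  const results = [];
  for (let i = 0; i < 5; i++) {
    results.push(limiter.check("203.0.113.7", "/account/create"));
    clock += 10 * 1000;
  }
  return results;
}
```

Keying on client IP alone groups every user behind a shared NAT or proxy into one budget, so the signup limit has to be loose enough for those networks or combined with a second key.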
