On Oct 17, 2013, at 4:44 PM, Ryan Kelly <[email protected]> wrote:
> > Hi All, > > > The current Firefox Accounts API does not have any protections around > account-creation - you submit an email address and password, click the > verification link, and you're done. > > Should we be looking to add a captcha or similar into this flow to > limit signups to Real Humans Only? > No CAPTCHAs. We're not going to push our problems on our users. Which means we need a solution for our problems. So, yeah, I'd prefer some rating limiting approach. I'm not so strongly opposed to context dependent CAPTCHAs or similar things, e.g., a user has attempted 5 failed logins and the next one is going to require some extra work. -chris > My instinct says no, as we've not had a good experience with captchas > in the past - IIRC correctly there was a bug filed to disable them in > the Sync account creation flow because they were more trouble than not. > > The alternative is to do request-level rate limiting, which is already > in the works and could easily be special-cased to add stronger limits on > the account-creation API. > > > Thoughts? > > > Ryan > _______________________________________________ > Sync-dev mailing list > [email protected] > https://mail.mozilla.org/listinfo/sync-dev _______________________________________________ Sync-dev mailing list [email protected] https://mail.mozilla.org/listinfo/sync-dev
