captcha or similar for account creation?

Ryan Kelly rfkelly at mozilla.com
Thu Oct 17 16:44:47 PDT 2013


Hi All,


  The current Firefox Accounts API does not have any protections around
account-creation - you submit an email address and password, click the
verification link, and you're done.

  Should we be looking to add a captcha or similar into this flow to
limit signups to Real Humans Only?

  My instinct says no, as we've not had a good experience with captchas
in the past - IIRC correctly there was a bug filed to disable them in
the Sync account creation flow because they were more trouble than not.

  The alternative is to do request-level rate limiting, which is already
in the works and could easily be special-cased to add stronger limits on
the account-creation API.


  Thoughts?


    Ryan


More information about the Sync-dev mailing list