captcha or similar for account creation?
rfkelly at mozilla.com
Thu Oct 17 16:44:47 PDT 2013
The current Firefox Accounts API does not have any protections around
account-creation - you submit an email address and password, click the
verification link, and you're done.
Should we be looking to add a captcha or similar into this flow to
limit signups to Real Humans Only?
My instinct says no, as we've not had a good experience with captchas
in the past - IIRC correctly there was a bug filed to disable them in
the Sync account creation flow because they were more trouble than not.
The alternative is to do request-level rate limiting, which is already
in the works and could easily be special-cased to add stronger limits on
the account-creation API.
More information about the Sync-dev