captcha or similar for account creation?

Chris Karlof ckarlof at
Thu Oct 17 17:06:31 PDT 2013

On Oct 17, 2013, at 4:44 PM, Ryan Kelly <rfkelly at> wrote:

> Hi All,
>  The current Firefox Accounts API does not have any protections around
> account-creation - you submit an email address and password, click the
> verification link, and you're done.
>  Should we be looking to add a captcha or similar into this flow to
> limit signups to Real Humans Only?

No CAPTCHAs. We're not going to push our problems on our users. 

Which means we need a solution for our problems. So, yeah, I'd prefer some rating limiting approach.

I'm not so strongly opposed to context dependent CAPTCHAs or similar things, e.g., a user has attempted 5 failed logins and the next one is going to require some extra work.


>  My instinct says no, as we've not had a good experience with captchas
> in the past - IIRC correctly there was a bug filed to disable them in
> the Sync account creation flow because they were more trouble than not.
>  The alternative is to do request-level rate limiting, which is already
> in the works and could easily be special-cased to add stronger limits on
> the account-creation API.
>  Thoughts?
>    Ryan
> _______________________________________________
> Sync-dev mailing list
> Sync-dev at

More information about the Sync-dev mailing list