captcha or similar for account creation?

Chris Karlof ckarlof at mozilla.com
Thu Oct 17 17:06:31 PDT 2013


On Oct 17, 2013, at 4:44 PM, Ryan Kelly <rfkelly at mozilla.com> wrote:

> 
> Hi All,
> 
> 
>  The current Firefox Accounts API does not have any protections around
> account-creation - you submit an email address and password, click the
> verification link, and you're done.
> 
>  Should we be looking to add a captcha or similar into this flow to
> limit signups to Real Humans Only?
> 

No CAPTCHAs. We're not going to push our problems on our users. 

Which means we need a solution for our problems. So, yeah, I'd prefer some rating limiting approach.

I'm not so strongly opposed to context dependent CAPTCHAs or similar things, e.g., a user has attempted 5 failed logins and the next one is going to require some extra work.

-chris


>  My instinct says no, as we've not had a good experience with captchas
> in the past - IIRC correctly there was a bug filed to disable them in
> the Sync account creation flow because they were more trouble than not.
> 
>  The alternative is to do request-level rate limiting, which is already
> in the works and could easily be special-cased to add stronger limits on
> the account-creation API.
> 
> 
>  Thoughts?
> 
> 
>    Ryan
> _______________________________________________
> Sync-dev mailing list
> Sync-dev at mozilla.org
> https://mail.mozilla.org/listinfo/sync-dev



More information about the Sync-dev mailing list