captcha or similar for account creation?

Monica Chew mmc at mozilla.com
Thu Oct 17 17:24:12 PDT 2013


Having a verified email address at a big webmail provider provides some guarantee by proxy that a human is behind the address (or at least has figured out how to abuse the account creation system at the mail provider).

http://www.blackhatworld.com/blackhat-seo/seo-other/72970-youtube-gmail-hotmail-yahoo-accounts-highest-quality-lowest-price.html

For unknown domains this question is harder. By the way, is Mozilla planning to provide email addresses?

Monica

----- Original Message -----
> 
> On Oct 17, 2013, at 4:44 PM, Ryan Kelly <rfkelly at mozilla.com> wrote:
> 
> > 
> > Hi All,
> > 
> > 
> >  The current Firefox Accounts API does not have any protections around
> > account-creation - you submit an email address and password, click the
> > verification link, and you're done.
> > 
> >  Should we be looking to add a captcha or similar into this flow to
> > limit signups to Real Humans Only?
> > 
> 
> No CAPTCHAs. We're not going to push our problems on our users.
> 
> Which means we need a solution for our problems. So, yeah, I'd prefer some
> rating limiting approach.
> 
> I'm not so strongly opposed to context dependent CAPTCHAs or similar things,
> e.g., a user has attempted 5 failed logins and the next one is going to
> require some extra work.
> 
> -chris
> 
> 
> >  My instinct says no, as we've not had a good experience with captchas
> > in the past - IIRC correctly there was a bug filed to disable them in
> > the Sync account creation flow because they were more trouble than not.
> > 
> >  The alternative is to do request-level rate limiting, which is already
> > in the works and could easily be special-cased to add stronger limits on
> > the account-creation API.
> > 
> > 
> >  Thoughts?
> > 
> > 
> >    Ryan
> > _______________________________________________
> > Sync-dev mailing list
> > Sync-dev at mozilla.org
> > https://mail.mozilla.org/listinfo/sync-dev
> 
> _______________________________________________
> Sync-dev mailing list
> Sync-dev at mozilla.org
> https://mail.mozilla.org/listinfo/sync-dev
> 


More information about the Sync-dev mailing list