• I make websites
  • If someone is banned twice (two accounts) I want it to take them more than 5min and a VPN to make a 3rd account
  • I’m okay with extreme solutions, like requiring everyone to have a Yubikey-or-similar physical key
  • I really hate the trend of relying on a phone number or Google CAPTCHA as a not-a-bot detection. Both have tons of problems
  • but spam (automated account creation) is a real problem

What kind of auth should I use for my websites?

  • ReveredOxygen@sh.itjust.works
    8 months ago

    It’s not as bad if it’s only on sign up, because you’re normally not autofilling there. But it’s still bad for accessibility

    • Zagorath
      8 months ago

      It’s definitely not as bad for sign up, but it’s still a problem because usually after hitting “submit”, the password manager will detect what you just did and pop up something like “want me to save that?”