• I make websites
  • If someone is banned twice (two accounts) I want it to take them more than 5min and a VPN to make a 3rd account
  • I’m okay with extreme solutions, like requiring everyone to have a Yubikey-or-similar physical key
  • I really hate the trend of relying on a phone number or Google capcha as a not-a-bot detection. Both have tons of problems
  • but spam (automated account creation) is a real problem

What kind of auth should I use for my websites?

  • shortwavesurfer
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    7 months ago

    Can you do some sort of proof of work? That doesn’t cut down all the bots, for sure. But it cuts down mass creation of accounts.

    Edit: Have a look at how the Tor Project has managed distributed denial of service or mini-cryptocurrencies such as Monero