Preventing Automatic Signup Attempts

Q: Do you also have any protection against automatic signup attempts by spammers?

A: First, we rate-limit signups and IPs, which helps curb abuses.

For signups, our system has 2 different modes of operation for usernames/passwords. By default, signups directly create user records. The second mode creates a “signup token” instead, which can be used to create the user or can be simply be discarded (and recreated without concern for duplicates). In this mode, your system would receive the token, perform any secondary checks, challenges, verifications, or whatever, and only if successful exchange the token for a user record.

Tagged with: signups spam protection passwords

Questions? Find a Typo? Get in touch.