• I make websites
  • If someone is banned twice (two accounts) I want it to take them more than 5min and a VPN to make a 3rd account
  • I’m okay with extreme solutions, like requiring everyone to have a Yubikey-or-similar physical key
  • I really hate the trend of relying on a phone number or Google capcha as a not-a-bot detection. Both have tons of problems
  • but spam (automated account creation) is a real problem

What kind of auth should I use for my websites?

  • lemmyreader@lemmy.ml
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    1
    ·
    7 months ago

    If I remember correctly I saw that Proton mail (or was it Yandex translate ?) created their own reCAPTCHA, where you’d have to slide one piece outside of a puzzle into the gap of the puzzle. Neat.

    Tor browser user here, btw.

    • 7heo@lemmy.ml
      link
      fedilink
      arrow-up
      6
      ·
      7 months ago

      Yeah, I find the puzzle sliding JavaScript captchas the best as a user. Cognitively better than “training neural networks to recognise protestors”, and still fast enough that it doesn’t feel like a forced ad. Reliability might however vary a lot between implementations.

    • andrew_bidlaw@sh.itjust.works
      link
      fedilink
      arrow-up
      1
      ·
      7 months ago

      Yandex one is correctly recognizing different symbols and tapping them in order. It was rather violent when it showed at any other click when I used it with adblocks and denied tracking while searching for images.