- I make websites
- If someone is banned twice (two accounts) I want it to take them more than 5min and a VPN to make a 3rd account
- I’m okay with extreme solutions, like requiring everyone to have a Yubikey-or-similar physical key
- I really hate the trend of relying on a phone number or Google capcha as a not-a-bot detection. Both have tons of problems
- but spam (automated account creation) is a real problem
What kind of auth should I use for my websites?
PoW? The client need to do some computation before the server takes the like signup or signin or something. Not 100% foolproof but can thwart some bot attempts I guess.
PoW sure, but like what’s the tool name. Rolling my own PoW sounds not-smart. I’ve messed with metamask a bit but last I check isn’t real practical for mobile.