Skip to content

re: Preventing malicious authentication attempts while avoiding CAPTCHAs. VIEW POST

re: Discord is an example of using CAPTCHAs during sign in process. So is Riot. Password hashing functions are expensive operations. Which you must ta...

That falls under session token creation though.

I mean bar of entry as requirement after first failure, usually by IP and ID. It might be expensive, but with a use-after-fail it might make more sense.

I say this knowing that I'm simultaneously recommending two practises that are non-similar... it made a lot more sense in my head, anyway.

The tl;dr is that only put it in if you have some need not to, keep tokens that allow bypassing any other requirements or so on.

code of conduct - report abuse