Duplicate password input field but visually hidden, so real users can not fill it, but bots see it and fill it, if honeypot field has any content, request is invalid.
Easy to implement, dont need Google account, dont need config, does not replace ReCaptcha but complements it, theres no silver bullet but everything helps, we can use a when to enable it at compile time.
:thinking:
https://stackoverflow.com/questions/36227376/better-honeypot-implementation-form-anti-spam/36227377
TL;DR
Duplicate password input field but visually hidden, so real users can not fill it, but bots see it and fill it, if honeypot field has any content, request is invalid.
Easy to implement, dont need Google account, dont need config, does not replace ReCaptcha but complements it, theres no silver bullet but everything helps, we can use a
whento enable it at compile time. :thinking: