biigle / core

🔵 Application core of BIIGLE
https://biigle.de
GNU General Public License v3.0

Email address verification #308

Open mzur opened 3 years ago

mzur commented 3 years ago

At biigle.de bot sign-ups seem to be increasing. While the existing defenses prevent most basic bots, some get through with seemingly valid names and email addresses and random affiliations (although the names do not fit the email addresses). Consider implementing an option for something like hCaptcha for the sign-up form.

Edit: The honeypot/honeytime mechanism seems to be quite effective against bots. This is now mostly about preventing typos in the email addresses.

mzur commented 3 years ago

Alternatively we could implement an email address confirmation mechanism. This would also prevent the (increasingly frequent) registrations with an incorrect email address.

mzur commented 2 years ago

We should implement email address verification for new users. Make it optional (like the manual confirmation through admins) so it can be turned off. Once an account is verified, the confirmation email is sent to the admins and the account can be manually activated.

BIIGLE could send a monthly wrap-up of accounts without verified email addresses to the admins, so these accounts can be deleted. Existing accounts should be assumed to be verified.

Edit: As long as the email address of a user is not verified, they should be listed as "never logged in" in the admin panel.

Laravel 9 already includes an email verification mechanism that we could use.
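
One way the monthly wrap-up of unverified accounts could be built on Laravel's stock email verification, as an added example that is not BIIGLE's code or part of this thread. It assumes Laravel's default `users.email_verified_at` column and two hypothetical config keys, `biigle.email_verification` (the on/off switch) and `biigle.admin_email`.

```php
<?php
// Added example (hypothetical), not BIIGLE code. Assumes Laravel's default
// users.email_verified_at column plus the config keys named in the lead-in.

namespace App\Console\Commands;

use App\Models\User;
use Illuminate\Console\Command;
use Illuminate\Support\Facades\Mail;

class ReportUnverifiedUsers extends Command
{
    protected $signature = 'users:report-unverified {--days=30}';
    protected $description = 'Mail admins the accounts whose email address is still unverified';

    public function handle(): int
    {
        // Verification is optional: when it is switched off nobody is
        // expected to verify, so there is nothing to report.
        if (!config('biigle.email_verification', false)) {
            return self::SUCCESS;
        }

        $days = (int) $this->option('days');

        // Existing accounts have email_verified_at set at migration time, so
        // only accounts registered after the feature went live show up here.
        $stale = User::whereNull('email_verified_at')
            ->where('created_at', '<', now()->subDays($days))
            ->orderBy('created_at')
            ->get(['id', 'email', 'created_at']);

        if ($stale->isEmpty()) {
            return self::SUCCESS;
        }

        $lines = $stale
            ->map(fn ($u) => "{$u->id}\t{$u->email}\t{$u->created_at}")
            ->implode("\n");

        Mail::raw("Accounts unverified for more than {$days} days:\n\n{$lines}",
            fn ($message) => $message
                ->to(config('biigle.admin_email'))
                ->subject('BIIGLE: unverified accounts'));

        return self::SUCCESS;
    }
}

// Schedule it once a month in app/Console/Kernel.php:
// $schedule->command('users:report-unverified')->monthly();
```

Admins then have the list they need to delete stale accounts, while accounts that completed verification never appear in it.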

mzur commented 1 year ago

Currently we see lots of students signing up who have weird email naming schemes of their universities. They often make typos and enter incorrect email addresses. I'm raising the priority here because I think the email verification will be more and more important in the future.

mzur commented 3 months ago

Lowering priority again as other things are more important right now.