Issue (Open), opened by PeterWong1 6 years ago
Captcha is used there to prevent spam being sent to the Populous email. The sign-up and login processes aren't connected to the Populous email.
Is there the possibility that "SIGN UP" and "LOG IN" can also be manipulated, such that someone sets up a bot to continuously sign up, and, if the email address is known, repeatedly tries to log in by continuously generating passwords? Could this be considered another layer of security against automated hacking attacks?
Bittrex uses a Captcha during their login process. The pictures cycle through until "cars" or whatever are completely eliminated.
Coinbase uses IP/device profile logging with email confirmation required; however, that might end up being insecure in its own right due to retaining logs tied to accounts.
Suggestion: reCAPTCHA is used for https://populous.co/contact.php but not for "SIGN UP" and "LOG IN". Is there any reason why "SIGN UP" and "LOG IN" do not require this feature?
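The "other layer" the issue asks about is usually implemented as a failed-login throttle that forces a challenge (such as reCAPTCHA) only after repeated failures, so legitimate users rarely see it while automated password guessing stalls. The following is an added example, not code from this issue or from the Populous project; the class and function names, the thresholds (5 failures per account, 20 per source IP, within a 10-minute window) and the sample email/IP values are all constructed assumptions. It keys the counters on the submitted email regardless of whether an account exists, so the throttle's response does not reveal which addresses are registered.

```python
"""Added example (hypothetical, not Populous code): gate login behind a
challenge after repeated failures, counted per account and per source IP."""
from collections import deque
from dataclasses import dataclass, field

# Constructed thresholds; tune to the site's real traffic.
WINDOW_SECONDS = 600      # sliding window: look back 10 minutes
ACCOUNT_THRESHOLD = 5     # failures per submitted email before a challenge
IP_THRESHOLD = 20         # failures per source IP before a challenge


@dataclass
class LoginThrottle:
    """Tracks recent failed attempts keyed by ("acct", email) and ("ip", addr)."""
    window: int = WINDOW_SECONDS
    account_limit: int = ACCOUNT_THRESHOLD
    ip_limit: int = IP_THRESHOLD
    _failures: dict = field(default_factory=dict)  # key -> deque of timestamps

    def _recent(self, key, now):
        """Return the deque for `key` with entries older than the window dropped."""
        q = self._failures.setdefault(key, deque())
        while q and now - q[0] > self.window:
            q.popleft()
        return q

    def record_failure(self, email, ip, now):
        # Count against the submitted email even if no such account exists,
        # so the throttle behaves identically for real and unknown addresses.
        self._recent(("acct", email.lower()), now).append(now)
        self._recent(("ip", ip), now).append(now)

    def record_success(self, email, now):
        # A successful login clears the per-account counter; the per-IP
        # counter is kept so one valid login cannot reset a scanning host.
        self._failures.pop(("acct", email.lower()), None)

    def challenge_required(self, email, ip, now):
        acct = len(self._recent(("acct", email.lower()), now))
        src = len(self._recent(("ip", ip), now))
        return acct >= self.account_limit or src >= self.ip_limit


def attempt_login(throttle, email, ip, password_ok, captcha_ok, now):
    """Decide a login attempt. Returns 'challenge', 'ok' or 'denied'.

    password_ok / captcha_ok stand in for the real credential check and the
    real CAPTCHA verification; the ordering is what matters: once a challenge
    is required, the password is not even checked until the challenge passes.
    """
    if throttle.challenge_required(email, ip, now) and not captcha_ok:
        return "challenge"
    if password_ok:
        throttle.record_success(email, now)
        return "ok"
    throttle.record_failure(email, ip, now)
    return "denied"


if __name__ == "__main__":
    # Constructed scenario: five wrong guesses from a documentation-range IP,
    # then the sixth attempt is blocked by the challenge even with the right password.
    t = LoginThrottle()
    for i in range(5):
        print(attempt_login(t, "user@example.com", "203.0.113.7", False, False, 1000 + i))
    print(attempt_login(t, "user@example.com", "203.0.113.7", True, False, 1006))  # challenge
    print(attempt_login(t, "user@example.com", "203.0.113.7", True, True, 1007))   # ok
```

A production deployment would keep the counters in shared storage (Redis or similar) rather than in-process memory, and would apply the same window logic to the sign-up endpoint keyed by IP, since bulk account creation is the other abuse the issue raises.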