Use Fernet with verification codes.

michardy / account-hijacking-prevention

Software that blocks account hijacking attacks.

MIT License

2 stars 0 forks source link

Open michardy opened 7 years ago

michardy commented 7 years ago

Fernet should be used with verification codes. Use of Fernet will also allow for codes to expire.

michardy commented 7 years ago

Where do we store the key? How often is it rotated?

michardy commented 7 years ago

Moving this out of cleanup milestone. Needs mail server setup for full testing.