vercel[bot]
commented
9 months ago The latest updates on your projects. Learn more about Vercel for Git ↗︎
| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| starter-kit | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Dec 1, 2023 9:32am |
karrui
Current entropy is quite low, and thus we should increase the number of characters of our OTP so the entropy becomes high enough to not be easily brute forced.
The implementation in this PR only uses uppercase characters, and removes some ambiguous characters from the alphanum space, so the resulting character set is 32 characters (aka crockford base32). This set is chosen for a better UX where users do not have to switch between upper and lowercase characters when entering the OTP.
Also added FormSG-like OTP prefix in case emails are delayed etc.
also update bad_request to not retry