You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, an adversary can easily DOS the server by sending millions of registration requests with different usernames, so that all of the usernames will be taken, and won't be usable by legitimate users.
Users should be forced to provide a valid email address or phone number, which a code will be sent to. The user will have to send this code to the server to complete the registration process.
This complicates a brute-force attack, as the adversary would need millions of valid emails or phone numbers.
The text was updated successfully, but these errors were encountered:
Currently, an adversary can easily DOS the server by sending millions of registration requests with different usernames, so that all of the usernames will be taken, and won't be usable by legitimate users.
Users should be forced to provide a valid email address or phone number, which a code will be sent to. The user will have to send this code to the server to complete the registration process.
This complicates a brute-force attack, as the adversary would need millions of valid emails or phone numbers.
The text was updated successfully, but these errors were encountered: