- I make websites
- I’m okay with extreme solutions, like requiring everyone to have a Yubikey-or-similar physical key
- I really hate the trend of relying on a phone number or Google capcha as a not-a-bot detection. Both have tons of problems
- but spam (automated account creation) is a real problem
What kind of auth should I use for my websites?
Can you do some sort of proof of work? That doesn’t cut down all the bots, for sure. But it cuts down mass creation of accounts.
Edit: Have a look at how the Tor Project has managed distributed denial of service or mini-cryptocurrencies such as Monero