How to prevent abuse of the account/password-based signup

I keep running into those users who mass-register accounts in every possible way.

It’s honestly getting exhausting.
Has anyone dealt with this before using Auth0 or something similar?

| email | email_verified | provider |
|---|---|---|
| sdfsdsfsdf@gmail.com | FALSE | auth0 |
| sdfasdf@gmail.com | FALSE | auth0 |
| xxxsdfasdfsd@gmail.com | FALSE | auth0 |

Hi @wuxinhua.cn

I am sorry about the delayed response to your topic!

Since these email addresses appear to be potential bots mass-registering in your application, you can:

  • Enable Bot Detection - Dashboard → Security → Attack Protection → Bot Detection. This forces a captcha challenge when the system detects suspicious behaviour.
  • Enforce email verification or SMS MFA on Signup - Since these accounts can be potential bots, it will be much harder to register with them while needing to verify the email itself or use multiple numbers for the MFA process.
  • Enable Suspicious IP Throttling - Security → Attack Protection → Suspicious IP Throttling - If the signup requests originate from the same IP or similar ones, it will block after multiple failed attempts.

If you have any other questions, let me know!

Kind Regards,
Nik
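
One way to enforce the email-verification step from the reply above, shown as an added example (not part of the original thread and not Auth0's own code): a post-login Action that refuses logins on database (account/password) connections until the email is verified. `loginDecision` is a hypothetical helper name, and limiting the gate to database connections is an assumption made to match the signup type in the question.

```javascript
// Added example: Auth0 post-login Action gating unverified password accounts.
// Assumption: only database (username/password) connections are gated here,
// because those are the accounts being mass-registered in the question.

const DATABASE_STRATEGY = "auth0"; // strategy value of Auth0 database connections

// Pure decision function, so the policy can be checked without a tenant.
function loginDecision(event) {
  const user = event.user || {};
  const strategy = event.connection && event.connection.strategy;

  // Social and enterprise connections are out of scope for this policy.
  if (strategy !== DATABASE_STRATEGY) {
    return { allow: true, reason: "non-database connection" };
  }
  // A profile without an email cannot complete verification at all.
  if (!user.email) {
    return { allow: false, reason: "no email on profile" };
  }
  // Strict comparison: anything other than boolean true counts as unverified,
  // including a stringified "FALSE" copied from a user export.
  if (user.email_verified !== true) {
    return { allow: false, reason: "email not verified" };
  }
  return { allow: true, reason: "verified" };
}

// Entry point that Auth0 invokes for the Login flow.
async function onExecutePostLogin(event, api) {
  const decision = loginDecision(event);
  if (!decision.allow) {
    // Denying here means an unverified signup never receives tokens.
    api.access.deny(`Login blocked: ${decision.reason}. Please verify your email first.`);
  }
}

// Auth0 Actions run as CommonJS; the guard keeps the file loadable elsewhere.
if (typeof exports !== "undefined") {
  exports.onExecutePostLogin = onExecutePostLogin;
}
```

The junk accounts can still be created with this Action alone, so it complements Bot Detection and Suspicious IP Throttling rather than replacing them.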
