My app has a free plan, it gives credits to new users. I’m worried about malicious registration that might deplete my free credits.
Since there’re plenty of free fake email address provider, how can I harden the registration process to filter potentially unwanted users?
Hi,
I’d recommend adding a Pre-User-Registration Hook where you can apply your own logic.
Also, definitely utilize bot detection with ReCaptcha support…it’s included in Auth0 and will give your app an extra layer of security against automated attacks
Any documents on that?
Hi @amooW6ojoh,
You could use Bot Detection to enforce a Captcha to prevent malicious registrations from happening.
Secondly, you could enforce a requirement for email verification to login to restrict users from logging in until they have verified their email address. See the Best Practice of Enforcing Email Verification knowledge article.
And if you need to perform some validation checks prior to registration, you must use a Pre-user Registration Trigger instead of a Hook because Hooks are no longer supported.
Thanks,
Rueben