2

I have a question about email verification and user registration. The other day I created accounts for both Twitter and Facebook and I realized in either of them I was asked to fill a CAPTCHA. And even before validating my email account I could already use my account and add friends and all that. Supposedly I had limited options, but didn't even realized it.

My question is, as I'm building a website with user registration myself and I'm planning on use this method, how to deal with spam, "junk accounts" and people that don't validate their email accounts?

And more realistically, I was thinking either asking for a CAPTCHA and an email (and let users verify their accounts later on) or asking for an email and waiting for it to be verified (with a link or a temporal password) right away. In this case, which is the best option? Thanks!!

Bruno Sacks
  • 45
  • 3

1 Answers1

0

It's debate question which is good or bad. I personally feel Use email verification by sending link on email account and verify that link on click. This will let you trusted user.

By the way captcha isn't bad. It will prevent automated account creation strongly.

Somnath Muluk
  • 55,015
  • 38
  • 216
  • 226
  • Thanks for your answer man... Yes I guess captcha + email verification is the most secure option. But would you recommend asking the user to verify his/her email account immediatly? or let him/her navigate and do stuff without being verified? – Bruno Sacks Feb 27 '12 at 09:32
  • 1
    It's upto your site need of security by `email verification`. It would be more secure if you use captcha + email verification. You can `navigate user without being verified tell him verify account by email verification within 1 week. Otherwise your account will be deleted.` – Somnath Muluk Feb 27 '12 at 09:38