@Alex83 The accounts whose e-mail and password were re-used on another site that was breached get hijacked by spammers
Top-level
@Alex83 The accounts whose e-mail and password were re-used on another site that was breached get hijacked by spammers No comments
|
@Gargron
If I understand correctly, the captured Mastodon accounts will be used to send spam.
I would do this:
1. Make the user choose a strong password when registering and changing the password.
2. Periodically check the database of accounts for the presence of passwords from the dictionary.
By the way, does it make sense to implement two-factor authentication with a password and a key file? As a key file, users can use their avatar.