

Ask HN: SMS to verify users - thedangler

Is sending a user a code via SMS a good way to prove they are a real user?  Couldn't a bot be attached to a phone which fills out forms and waits for codes for that site?
======
inerte
I forgot my password on Google and asked for the code that would allow me to
change it to come via SMS. Took 2 weeks :(

I'm from Brazil, maybe that's why it took so long.

------
thedangler
Thanks for the comments. I appreciate everyones incites.

------
scrrr
just add a unique-constraint to your phone-number-column and it should be
fine.

~~~
inerte
You're right about some kind of constraint, but what would happen if the user
says the SMS never came and needs another? :) Some kind of rate limiting (one
per day?) is necessary.

------
eof
It seems a lot more resource intensive to have a bot responding to SMS
messages from many different phone numbers than more traditional ways of
gaming the system.

So unless becoming a user on your site is worth much much more than the
average site, just the increased barrier, even if not totally secure, should
be enough to keep the vast majority of bots away.

