Questions tagged [registration]

Registration can refer to:

  • The act of making an identity on a service (like getting a Facebook account)
  • The process of getting credentials from a service (like using OpenID to login to Stack Exchange)
  • The protocol to get information from a system (like getting updates from a forum you want to follow)

This tag should be applied when a question is about:

  • A security issue that can occur with a registration process.
  • A question about an attack vector on the registration process.
  • A question about a security consideration for a registration process.
50 questions
5
votes
1 answer

Are there any proposals for email verification without a confirmation email?

Being able to confirm your email without waiting for a verification email would be a major improvement to many registration processes. In theory this could be done using a technique based on OAuth, OpenID or similar. Of course, both the site and the…
paj28
5
votes
3 answers

Receiving lots of spam after registering a new domain on GoDaddy

A couple of days ago I registered a new domain on GoDaddy without the WHOIS privacy option. The next day after registration I started receiving spam in my mailbox as well as on my phone. The domain is dormant in the sense that it is not used…
Alexander K.
4
votes
1 answer

How is this registration setup vulnerable?

I'm developing a mobile app for iOS and Android that has, due to specs that are given by management, some security flaws. However, I can't quite explain in concrete business speak why the specs are not secure, and thus I can't convince them to…
markovchain
4
votes
2 answers

Is there any security threat due to returning password on form submitting failure (for example on a signup page)?

Let's say that we have a registration page on a website, why shouldn't we return passwords like username, names or any other information on form submitting failure? For example: User goes to example.com/signup.php and enters his/her desired username,…
Amirreza Nasiri
4
votes
1 answer

Asking for Password After Email Validation?

I do not want to discuss the pros and cons of email validation, but want to know if there are any potential downsides (security and otherwise) to a user entering his password only after he has already validated his email address (clicked the…
Hawkken
3
votes
3 answers

Advantages to alphanumeric-only usernames?

Let's say we are setting up some registration form for some website. I know that if input fields aren't sanitized then SQL injection can happen. But let's say all fields are sanitized correctly. Is there any advantage to having alphanumeric-only…
Patosai
3
votes
1 answer

A workaround for external website's HTTP registration page

There is a website which I want to register for but it is an internship/job-seeking website and thus on registration some VERY sensitive data is required. When registering Firefox alerted me that the site was only HTTP, so I tried prefixing https://…
2
votes
0 answers

'Fake SSO & self registration' access to a web api

I was asked to design and implement a solution that I have some security concerns about. The customer has a web application into which users log in using their credentials. The customer wants to add a button in that application which should…
Bartosz
2
votes
3 answers

When a user tries to register with an unactivated email again, should I tell the user that the email has not been activated?

Suppose my site needs to register for a member account with email, and the email needs to be verified and activated. I forbid users to register with the same email twice. When it does, should I remind the user to activate the email? Or just display the…
ocomfd
2
votes
2 answers

Facebook mobile app is often asking about my phone number for registration, field is entered already. Where does Facebook take these phone numbers?

Facebook mobile app is often asking about my phone number for registration. It shows a screen saying that "Keep your account secure and keep using it securely" and "We are trying to help you to secure your account .... register your phone number…
Erce Tilav
2
votes
2 answers

Skill testing question in registration page

I've seen some registration pages that have a "skill testing question" in addition to having a captcha. These skill testing questions are usually easy trivia, such as "what is 2 + 2" or "who invented the light bulb?". Registration will not go…
Celeritas
2
votes
2 answers

Enrolling Users Best Practices

I am working on a site where the administrators enroll the users. Currently, after the user is created, they are assigned a password and sent an email with a link that has them confirm their email. After that, they can log in. Is it a good idea to…
Ron Saylor
1
vote
1 answer

What are the best practices to create a safe and performant user registration and validation with Nodejs and Postgres?

I've been asked to write an app with registration and login systems. In essence, I've already written the first version of their app using PHP, some JavaScript/jQuery and storing data in MySQL. It worked for a time but now they are growing and…
Grogu
1
vote
2 answers

How can it be that I can't register on a website while my VPN is on

I've had problems with making an account on a website (https://etsy.com). I tried different browsers, disabling all my plugins with no success. I use a VPN service that automatically turns on when I start my PC. My last desperate attempt was to turn my VPN…
Patrick
1
vote
2 answers

Do registration codes need expiry?

I work on an application where users are sent a unique registration code in the post. They use this, along with other personal information known to the user, to confirm the identity of the user upon creating a new account. Does the unique…
Daniel