this post was submitted on 18 Jul 2025
Technology
How would you solve replay attacks? Like a million people, of age or not, sharing the same key?
Maybe you could limit the number of verifications a key can have in a day? Limit it to say 10 verifications per day. So if you're on Pornhub and have an account, you can have the key associated with the account, verified, and so you don't need to re-verify. But if you go on 10 completely different sites and verify for each one, you can't verify after that 10th one within the same 24hr period?
You could maybe also include guidelines for integration where if a key is associated with an account, that key can't be used for any other account. You can include that under some requirement that says you have to make 'best efforts' to ensure that a key is only ever used by one account at a time. That way, if a million people are sharing the same key, you'd have to trust that all one million of them will never associate that key with their account because if they do, it invalidates that key for every use other than through that account on that site.
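The two rules proposed in the reply above (a per-key daily cap and one account per key), sketched as an added example that is not part of the thread. It assumes a single registry that sees every verification request and uses a rolling 24-hour window; `KeyRegistry`, `verify`, the key id and the site names are hypothetical.

```python
from collections import defaultdict, deque

DAY = 24 * 60 * 60          # rolling window, in seconds (assumption: rolling, not calendar day)
DAILY_LIMIT = 10            # verifications per key per window (figure from the comment)

class KeyRegistry:
    """Bookkeeping for age-verification keys (hypothetical design)."""

    def __init__(self):
        self.recent = defaultdict(deque)   # key_id -> timestamps of counted verifications
        self.bound = {}                    # key_id -> (site, account) once associated

    def verify(self, key_id, site, now, account=None):
        """Return (allowed, reason) for one verification request."""
        owner = self.bound.get(key_id)
        if owner is not None:
            # A bound key is valid only through its account on its site,
            # and that account re-verifies without spending quota.
            if owner == (site, account):
                return True, "already bound to this account"
            return False, "key is bound to another account"
        stamps = self.recent[key_id]
        while stamps and now - stamps[0] >= DAY:
            stamps.popleft()               # forget verifications older than 24h
        if len(stamps) >= DAILY_LIMIT:
            return False, "daily limit reached"
        stamps.append(now)
        if account is not None:
            self.bound[key_id] = (site, account)
        return True, "verified"

def demo():
    reg = KeyRegistry()
    out = []
    # Constructed sample: one shared key presented at 11 sites within the same hour.
    for i in range(11):
        out.append(reg.verify("key-A", f"site{i}.example", now=i * 60))
    # The same key a day later: bound to alice, then tried by bob, then alice again.
    out.append(reg.verify("key-A", "forum.example", now=DAY + 600, account="alice"))
    out.append(reg.verify("key-A", "forum.example", now=DAY + 700, account="bob"))
    out.append(reg.verify("key-A", "forum.example", now=DAY + 800, account="alice"))
    return out

if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```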