We are developing a web application where the user has to input a One Time Password (which we email to the users) to complete an operation. However, if a malicious user develops a bot and guesses the pattern in which we generate the One Time Password, he can input some random email id and, without even looking at the email, he can confirm the transaction. That way he can attack the system with false confirmations. Can someone please let us know how people deal with this?
Thanks
Just use a random password without patterns. The advantage is that you can make the password longer if it is clickable in the mail, because the user doesn't have to type it.
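A sketch of the approach in the answer above, as an added example that is not part of the original post: a long token drawn from the OS CSPRNG, bound to the email address it was sent to, and accepted once. The class name, the 15-minute lifetime and the in-memory dict standing in for a database table are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_BYTES = 32        # 256 bits; fine for a clickable link nobody has to type
TTL_SECONDS = 15 * 60   # assumed validity window


class OneTimeTokenStore:
    """In-memory stand-in (hypothetical) for a table of pending confirmations."""

    def __init__(self, now=time.time):
        self._pending = {}  # email -> (sha256 digest of token, expiry timestamp)
        self._now = now     # injectable clock so expiry can be tested

    def issue(self, email):
        # secrets reads the OS CSPRNG, so earlier tokens reveal nothing about
        # later ones, unlike counters, timestamps or the random module.
        token = secrets.token_urlsafe(TOKEN_BYTES)
        digest = hashlib.sha256(token.encode()).digest()
        # Issuing again replaces any older token for the same address.
        self._pending[email] = (digest, self._now() + TTL_SECONDS)
        return token  # goes only into the email; the server keeps the digest

    def confirm(self, email, token):
        entry = self._pending.get(email)
        if entry is None:
            return False  # nothing pending for this address
        digest, expires_at = entry
        if self._now() > expires_at:
            del self._pending[email]  # expired tokens are discarded
            return False
        candidate = hashlib.sha256(token.encode()).digest()
        # Constant-time comparison of the digests.
        if not hmac.compare_digest(candidate, digest):
            return False
        del self._pending[email]  # single use: a replayed link is rejected
        return True
```

Because the token is checked against the address it was issued for, entering an arbitrary email id confirms nothing unless the 256-bit value from that mailbox is also presented.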