I’m trying to change a bit the user login system created by Phx.gen.auth. Normally, when a user creates an account, they get an email with a link they have to click on to verify their email.
I would like to change that so the user receives a 6-digit number which they have to enter into the form to verify their email. I built most of it already and it works, but I got stuck when a user tries to reset their password. Also, there are some security issues I’m worried about, like, a 6-digit number is only 1 million numbers, which can be easily brute-forced. I would probably have to implement some other checks and limit the number of attempts…
There is the NimbleTOTP library out there, but that’s for time-based passwords when using 2-factor auth, which is not what I’m looking for here.
So, I don’t have a real question here… I’m looking for some best practices if someone has tried to implement a similar system or if you know some open-source project which I could check, that would be awesome.
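As an added example (not code from the original post or from phx.gen.auth), here is one way to generate, store and check such a code in Elixir with the attempt cap and expiry the post mentions: the code comes from the CSPRNG, only an HMAC of it is stored, and every guess is counted before comparison. The module and function names, the `secret` argument (assumed to be a server-side key such as one derived from `secret_key_base`) and the challenge map are assumptions.

```elixir
defmodule VerificationCode do
  # Added example, not phx.gen.auth code. A 6-digit email code that is
  # CSPRNG-generated, stored only as an HMAC, time-limited and attempt-limited.
  # `secret` is assumed to be a server-side key; the challenge map is what you
  # would persist per user (in place of the token row phx.gen.auth creates).
  @max_attempts 5
  @ttl_seconds 10 * 60
  @space 1_000_000

  # Uniform code from the OS CSPRNG; :rand is not suitable for this.
  # Rejection sampling avoids the modulo bias of a plain rem/2 on 32 bits.
  def generate_code do
    n = :binary.decode_unsigned(:crypto.strong_rand_bytes(4))
    limit = div(4_294_967_296, @space) * @space

    if n >= limit,
      do: generate_code(),
      else: n |> rem(@space) |> Integer.to_string() |> String.pad_leading(6, "0")
  end

  # Returns {code_to_email, challenge_to_store}. The plaintext code is never stored.
  def issue(secret, now \\ System.system_time(:second)) do
    code = generate_code()
    {code, %{mac: mac(secret, code), expires_at: now + @ttl_seconds, attempts: 0}}
  end

  # Returns {:ok, challenge} or {:error, reason, challenge}. Persist the returned
  # challenge so the attempt counter survives across requests. With 5 guesses per
  # code an attacker succeeds with probability at most 5 in a million per issued
  # code, so also throttle how often a fresh code can be requested.
  def verify(challenge, submitted, secret, now \\ System.system_time(:second)) do
    cond do
      now > challenge.expires_at ->
        {:error, :expired, challenge}

      challenge.attempts >= @max_attempts ->
        {:error, :too_many_attempts, challenge}

      true ->
        # Charge the attempt before comparing so every guess counts.
        challenge = %{challenge | attempts: challenge.attempts + 1}
        candidate = mac(secret, String.trim(submitted))
        # Constant-time compare (OTP 25+); Plug.Crypto.secure_compare/2 also works.
        if :crypto.hash_equals(candidate, challenge.mac),
          do: {:ok, challenge},
          else: {:error, :invalid_code, challenge}
    end
  end

  defp mac(secret, code), do: :crypto.mac(:hmac, :sha256, secret, code)
end
```

On `{:ok, _}` delete the stored challenge so the code is single-use; the same module can back the password-reset flow by issuing a separate challenge keyed to that purpose.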