If one can automate account creation including saving totp secrets, you suddenly have 2fa authenticated bots able to send spam.
Maybe you could get around that to some extent by leveraging sms verification during account creation, but how do you set that up to prevent burner numbers? Or smishing?
It’s a start, but 2fa can’t stop spam.
If one can automate account creation including saving totp secrets, you suddenly have 2fa authenticated bots able to send spam.
Maybe you could get around that to some extent by leveraging sms verification during account creation, but how do you set that up to prevent burner numbers? Or smishing?
These are hard problems to address