Trying to understand: is it a coincidence that the gates are wide open for garbage sign ups?
At the same time the pricing is per user: 100, 1000, 5000, 10000.
is this phenomenally important security step missing deliberately to push customers through the pricing ladder by letting garbage signups flood user tables?
don’t want this to happen again: my prior site elsewhere was wordpress, it was flooded with thousands of users I had no idea where they came from, not my customers anyway, and emails looked really funny.
Why is the advanced SSO available in softr and the basic email verification missing?
You could sign up unlimited users when you don’t use the suggested softr signup block and instead use a regular softr form to store your records in airtable (the record limit will be defined by your airtable plan).
Then you can setup a make scenario to confirm those emails by sending an ‘activation link’ to the registered user email, (the link would be your make ‘hook’) then after clicking that link, airtable field ‘user email status’ will be updated to ‘confirmed’ by this hook.
Then you can setup a second automation to copy or move confirmed emails, as users of your softr app, by simply copying those records to your synced airtable users table. This is now possible because of the recent 2 way sync users feature, between softr and airtable. These are the user that will count towards your softr plan limits.
“You could sign up …”
I don’t sign up anybody, they sign up themselves, I shouldn’t be involved.
You seem to sum it up nicely in 2 paragraphs. Is there anything stopping you from recording a 5 mins videos for these 2 paragraphs.
Because The way you talk in these 2 paragraphs is as if I were your technical peer, I’m not. I’m a customer for a no-code solution.
“you can… you can… you can…”
no I can’t, I’ve tried all workarounds in all posts and got stuck in in different steps because it’s not about Make, it’s about the trio talking to each other Softr-Make-Airtable.
What’s stopping you?
I hope you understand that wasting months building something, then getting stuck because of this unknown/hidden lack of email verification, is not fair. So again what’s stopping you?
Hello again @hungrypixel! I’m genuinely sorry to hear about the challenges you’ve faced. It’s clear you’ve put in a lot of effort. However, I’d like to remind everyone that we’re all here to help and support one another. Let’s keep our interactions respectful and constructive.
In the meantime, I’ll work on getting you more information about this question.
Will reCaptcha stop someone else from pretending firstname.lastname@example.org is their own email and sign up to my website. No.
reCaptcha will also not stop someone signing up with email@example.com, firstname.lastname@example.org or email@example.com.
reCaptcha only deals with very old bots.
Email verification makes sure the email you are using is yours, and keeps the rest outside (bot or not). It’s not just about bots.
When a person signs up, they automatically receive an email, they open it, click on the verify link, and then get full access to the site.
This is how sign ups have been working for as long as I can remember. I truly don’t recall the time when this was not in place, it must have been in a distant past not in my memory.
You’re right. While reCaptcha is great for keeping bots at bay, it doesn’t verify the authenticity of an email address. We appreciate your feedback and will take it into consideration as we continue to improve our platform.
If you’d like support introducing a vetting process into your user flow in the interim (depending on your use case, it could look like the user submitting a specific document), we’re happy to help.
@hungrypixel Pricing per user and lack of email verification are certainly not related.
Whilst email verification is not yet available, you can use the “Sign in with code” block with the “Only registered users can sign in” toggle turned off. This will allow anyone to enter their email address, have a code sent to that address, and use the code to sign in or create an account in your app.
Note that this is a sign-in block, but if the user has never signed in before, a new account will be created for them.
Below may or may not be intended by design, but it is the reality:
Let me break it down for you:
Plans are: Free → Basic → Pro → Business
Softr would like everyone in the Pro and above plans ideally, visible with the “most popular” in pricing.
So free and basic get no protection whatsoever, even if they pay $600/y, their user tables are wide open for garbage sign ups to flood them.
Once they reach the number of users for the Pro plan, there is no need to keep the user table exposed to more flooding, because they are already where softr wants them to be: the Pro plan. Now and only now they get something: a cumbersome security feature designed exclusively for high risk sign ins (sensitive management data…) where every time a user signs in, they have to go to their emails to fetch a code.
Is this how you set up your own softr.io website? why do you have an email verification in place yourselves? why do you expect those who pay you $600/y to have none?
If you were us, how would you solve this problem of preventing Softr apps from being flooded? I don’t think email verification alone would solve this. We ourselves let users signup and access Softr Studio, even if they are not verified. Do you care if potentially fake accounts have access to your app? Or do you just not want to be charged if a fake account signs up to your app?
“… If none of the workarounds match your needs …” There is no workaround. There is absolutely nothing.
“… you can always wait …” softr sales reps should have said it when I asked at beginninng before I waste months building something that cannot be launched.
“… softr keeps moving forward …” please don’t move any further before fixing the stuff (email verif) that should have been there since the alpha, not even the beta.
“…how would you solve this problem…”, simple, email verification. The very same way you have it in softr.io. This is how all websites work.
“…I don’t think email verification alone would solve this…”, email verif is more than enough.
"… We ourselves let users signup and access Softr Studio, even if they are not verified… "
Not true, you sent me a verification email upon sign up. I’m not trying to verify the person, all I need is verify the email.
… Do you care if potentially fake accounts have access to your app… ?
yes, I do. My paid-for-website is not a garbage dump.
“… Or do you just not want to be charged if a fake account signs up to your app?..”
Having thousands of fake users and 0 real user, and still pay $2k/y for that, wouldn’t that be a joke?
@hungrypixel, again I’m sorry to hear that our offering is not meeting your needs.
We never intended to mislead or deceive you. We believe that Softr is a great product, primarily for client portals and internal tools, but we understand that it may not be the right fit for everyone and their use cases.
Hi James. I am in a similar scenario, as a Business Plan user, so I can understand the frustration.
What’s been needed for a long time is an improvement to current sign ups. It should ensure that users in our Softr users table who have signed up, from the sign up block, have at least had their email addresses authenticated. The Sign In With Code block does this, but does not suffice for sign up:
It doesn’t assign them a password for subsequent log in
It lacks optional user fields
It lacks user terms/privacy agreement links
It logs in the user without capturing their info
But it does show that Softr already authenticates email addresses natively.
So Softr could deploy email verification with sign up, or at least email authentication. My question is why haven’t you applied this functionality to the Sign Up block by now?