Some of the finer points of our implementation, focused on achieving results while keeping the smallest possible data footprint:
- Phone-based verification is performed using a reputable third-party provider (Nexmo).
- We store a one-way hashed (SHA1) copy of phone numbers in our database, allowing us to identify repeat offenders using multiple accounts.
- We do not store clear phone numbers in our database — numbers are used for verification only at time of first project registration.
- Nexmo maintains transaction logs containing phone numbers, available to us for diagnosis of PIN code delivery problems.
- Verification PIN codes are transmitted by SMS or voice and are good for five minutes.
We have baseline registration metrics and will evaluate the effectiveness of this control over the next few days. We’ll keep an eye out for issues during this rollout — feel free to contact us via Twitter @sfnet_ops or via ticket at https://sourceforge.net/p/
Thanks for your continued support!