Email verification code
PREFERRED · NOT OPENThe lower-cost first choice for website registration, sign-in, and update-email confirmation. No code is sent until the sending domain and server-side credentials are ready.
ONE IDENTITY / UNIFIED ACCOUNT
brbrhu.com and 4G Dongle Manager use one users record and one user_id. When an email user later binds a phone number, the phone is merged into the current user—not turned into a second account.
SIGN IN
Codes are server-side hashed, valid for five minutes, single-use, and locked after five failed attempts. Email or phone, IP, and device rate limits are required.
The lower-cost first choice for website registration, sign-in, and update-email confirmation. No code is sent until the sending domain and server-side credentials are ready.
Opens only after Aliyun SMS approval, CAPTCHA 2.0, rate limits, anti-bombing controls, and a cost ceiling. Binding a phone to an email user updates the current user_id only.
ACCOUNT CENTER
See the Macs signed in to one account, their names, and recent activity.
NOT OPENSee this Mac's traffic and the aggregate for all devices in the current cycle.
NOT OPENSee two free initialization credits, the remaining balance, and future purchases.
NOT OPENAfter sign-in, bind read content to the same user_id so update reminders stay consistent across devices.
NOT OPENSESSION SAFETY
An HttpOnly, Secure, SameSite session cookie keeps long-lived credentials out of browser scripts.
Short-lived Bearer access tokens and revocable, rotating, per-device refresh tokens are stored in macOS Keychain.
Email and phone both map to one users.id. Phone binding must complete inside the current authenticated session and cannot create another user.
Anonymous read state stays in first-party browser storage, with no IP address or device fingerprint used as identity. It syncs to one user_id only after real sign-in opens.