athlon

@athlon@lemm.ee

This is a remote user, information on this page may be incomplete. View at Source ↗

I code for a hobby, and for a living 👨‍💻

⁨Comment⁩ on ⁨New bot rules, Lemmy 0.18.3, and a message about alternative Lemmy frontends on lemm.ee⁩ ⁨⁨11⁩ ⁨months⁩ ago⁩:
As an author of one Lemmy front-end, I can confirm that you are potentially sharing your username and password. Unfortunately, there is no way for Lemmy front-end developers to, say, open a web socket to Lemmy instance and have you login through a web browser (which would be much prefered from security standpoint, but it is what it is).

Furthermore, from what I see, many of such instances store your password, instead of just the Bearer token. Unfortunately, from what I get, there is also no way of invalidating the Bearer tokens right now, so in the event of it getting stolen - you’re f***ed.

Now, couple of tips:
- USE 2FA AUTHENTICATION. In the event of malicious app actually stealing your credentials, you are at least a little bit more protected by this layer.
- Use password manager - do not use your banking password, please.
- Only use trusted front-ends, and in the even oft on an app, only download versions from official sources maintained by the app author.
- Make sure the instance you’re registered at has a valid HTTPS certificate.