athlon
@athlon@lemm.ee
This is a remote user, information on this page may be incomplete. View at Source ↗
I code for a hobby, and for a living 👨💻
- Comment on New bot rules, Lemmy 0.18.3, and a message about alternative Lemmy frontends on lemm.ee 1 year ago:
As an author of one Lemmy front-end, I can confirm that you are potentially sharing your username and password. Unfortunately, there is no way for Lemmy front-end developers to, say, open a web socket to Lemmy instance and have you login through a web browser (which would be much prefered from security standpoint, but it is what it is).
Furthermore, from what I see, many of such instances store your password, instead of just the Bearer token. Unfortunately, from what I get, there is also no way of invalidating the Bearer tokens right now, so in the event of it getting stolen - you’re f***ed.
Now, couple of tips:
- USE 2FA AUTHENTICATION. In the event of malicious app actually stealing your credentials, you are at least a little bit more protected by this layer.
- Use password manager - do not use your banking password, please.
- Only use trusted front-ends, and in the even oft on an app, only download versions from official sources maintained by the app author.
- Make sure the instance you’re registered at has a valid HTTPS certificate.