TheSaneWriter

joined 2 years ago
[–] TheSaneWriter@lemm.ee 0 points 2 years ago (1 children)

Discord isn't a good alternative, it's not the same type of social media site. Discord is more of a chatroom aggregator, while Reddit is more of a forum aggregator. While Reddit technically supports chats and Discord technically supports threads, in both cases they're clunky and not the main point of the site.

[–] TheSaneWriter@lemm.ee 2 points 2 years ago

As much as any other app I've seen, but I would still recommend using unique credentials for Lemmy.

[–] TheSaneWriter@lemm.ee 3 points 2 years ago

I'll make sure to let you know if I see it anywhere.

[–] TheSaneWriter@lemm.ee 1 points 2 years ago (1 children)

All of the apps have you enter your credentials into their page because Lemmy doesn't support OAuth2. I don't think it's fair to criticize Voyager for a problem that is currently inherent to all Lemmy apps.

[–] TheSaneWriter@lemm.ee 2 points 2 years ago

You're correct, but by maintaining distinct passwords with a password manager you make sure only the one account is compromised. 2FA also helps: you may have the username and password, but the 2FA code that you were given needs to be used immediately or else it will expire, and an expired 2FA code won't allow you to successfully breach the account you're trying to break into.

[–] TheSaneWriter@lemm.ee 1 points 2 years ago

That's fair, but sometimes a malicious actor will attempt to covertly contribute code that introduces a security vulnerability.

[–] TheSaneWriter@lemm.ee 6 points 2 years ago

Indeed, this is a real weak spot with Lemmy's security. I honestly think we need to place more emphasis on implementing OAuth2, when I have the time I'll have to take a look at that again to see if I'm able to.

[–] TheSaneWriter@lemm.ee 1 points 2 years ago

This is why a paper trail is so important. When shit hits the fan they will always try to blame you, so you need written or audio proof that they issued the order.

[–] TheSaneWriter@lemm.ee 4 points 2 years ago

The past few hours, it was recent.

[–] TheSaneWriter@lemm.ee 24 points 2 years ago (2 children)

For the best. Knowing that this hacking technique is a vulnerability with the Lemmy project as a whole, I think it's reasonable for instances to temporarily close while a fix is implemented.

[–] TheSaneWriter@lemm.ee 28 points 2 years ago (6 children)

Deeply unfortunate that something like this could happen; you always hope that code injection vulnerabilities are found before someone is hacked. With that in mind, this shows the importance of two security principles: always parse and clean user input, and don't click links (including images) before checking where they are going to send you.
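
Both principles from this comment, as an added example that is not the commenter's code and not Lemmy's actual rendering or fix: user-supplied link and image destinations are normalised with the WHATWG URL parser and checked against a scheme allow-list, and user-supplied text is entity-escaped before it is placed in HTML. The base URL `https://example.invalid/` and all inputs in the demo are constructed; the function names are assumptions for this illustration. It assumes Node.js.

```javascript
// Added example: allow-list user-supplied URLs and escape user-supplied
// text before rendering, so that a crafted link or image cannot carry a
// script and the reader can see where a link actually goes.

// Resolve relative links against the site itself (constructed base).
const SITE_BASE = "https://example.invalid/";
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Returns a normalised absolute URL, or null if the destination is not
// an allowed scheme. The WHATWG parser strips leading/trailing control
// characters and embedded tabs/newlines and lower-cases the scheme, so
// spellings such as "  JaVa\tScRiPt:" are caught without a regex.
function safeLinkHref(raw) {
  let url;
  try {
    url = new URL(String(raw), SITE_BASE);
  } catch {
    return null; // unparsable input is dropped, not rendered
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Entity-escape text for use in HTML content and attribute values.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Render a user link: unsafe destinations degrade to plain text, safe ones
// get rel="noopener noreferrer" and the normalised href, so the visible
// target matches what the browser will open.
function renderUserLink(text, rawHref) {
  const href = safeLinkHref(rawHref);
  if (href === null) return escapeHtml(text);
  return `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${escapeHtml(text)}</a>`;
}

// Constructed sample inputs of the kind a sanitiser must handle.
function demo() {
  const samples = [
    ["post", "https://lemm.ee/post/1"],
    ["community", "/c/security"],
    ["mail", "mailto:admin@example.invalid"],
    ["disguised", "  java\tscript:alert(1)"],
    ["inline doc", "data:text/html,<script>1</script>"],
    ["broken", "http://[not-a-host"],
  ];
  return samples.map(([text, href]) => [text, renderUserLink(text, href)]);
}

console.table(demo());
```

The same allow-list applies to image sources: an image is a link the browser follows on the reader's behalf, so its destination is validated before the `<img>` is emitted, and text is never concatenated into markup unescaped.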
