General Discussion

12044 readers

58 users here now

Welcome to Lemmy.World General!

This is a community for general discussion where you can get your bearings in the fediverse. Discuss topics & ask questions that don't seem to fit in any other community, or don't have an active community yet.

🪆 About Lemmy World

🧭 Finding Communities

Feel free to ask here or over in: [email protected]!

Also keep an eye on:

For more involved tools to find communities to join: check out Lemmyverse!

💬 Additional Discussion Focused Communities:

[email protected] - Note this is for more serious discussions.
[email protected] - The opposite of the above, for more laidback chat!
[email protected] - Into video games? Here's a place to discuss them!
[email protected] - Watched a movie and wanna talk to others about it? Here's a place to do so!
[email protected] - Want to talk politics apart from political news? Here's a community for that!

Rules

Remember, Lemmy World rules also apply here.

0. See: Rules for Users.

No bigotry: including racism, sexism, homophobia, transphobia, or xenophobia.
Be respectful. Everyone should feel welcome here.
Be thoughtful and helpful: even with ‘silly’ questions. The world won’t be made better by dismissive comments to others on Lemmy.
Link posts should include some context/opinion in the body text when the title is unaltered, or be titled to encourage discussion.
Posts concerning other instances' activity/decisions are better suited to [email protected] or [email protected] communities.
No Ads/Spamming.
No NSFW content.

founded 1 year ago

MODERATORS

Jessica

ElectroVagrant

fubo

Improving account security in Lemmy apps (self.general)

submitted 1 year ago by Techie to c/general

2 comments fedilink hide all child comments

I've been thinking about a feature that might improve account security with regards to logging in to Lemmy apps. Currently there's a lot of new apps being developed for Lemmy and I'm a bit hesitant to log in with my main account so I use a separate account for testing. Not that I don't trust the developers but I think there's some security risk with providing your username and password to any random app that could use it in the wrong way either intentionally or not (due to a bug).

So my suggestion is to add a new feature to the account settings page on the web server/instance that allows you to setup a secondary password (maybe as a sub-account) with separate/custom permissions. This secondary account/password would be used for logging in to apps (or even on the main server web page) instead of using your main account/password.

For example, you could change the permissions for the secondary account to only allow creating new posts/comments and vote, but to deny deleting posts/comments, changing the password or email address or to delete your account (you would have to log in with the main account/password on the web server to be able to perform those actions).

This would reduce the risk of someone taking over your account if the secondary password is leaked for example.

What do you think?

you are viewing a single comment's thread
view the rest of the comments

[–] Echo 2 points 1 year ago (1 children)

Have not interacted with Lemmy apps since nothing is out of beta yet on iOS but I would like to think that these apps are not storing your password.

Instead they point you to your Lemmy instance where you log in there and the instance provides a token to the app (OAuth). This token is then used to interact in an authenticated fashion.

If this is not what is happening I share you opinion on a mechanism being desirable to control who has access to your password.

[–] Techie 1 points 1 year ago

That's a good point, though in the apps I've tested so far the password is entered inside the apps without opening the lemmy.world webpage.