this post was submitted on 26 Jun 2023
6 points (100.0% liked)

General Discussion

12086 readers
1 users here now

Welcome to Lemmy.World General!

This is a community for general discussion where you can get your bearings in the fediverse. Discuss topics & ask questions that don't seem to fit in any other community, or don't have an active community yet.


🪆 About Lemmy World


🧭 Finding CommunitiesFeel free to ask here or over in: [email protected]!

Also keep an eye on:

For more involved tools to find communities to join: check out Lemmyverse!


💬 Additional Discussion Focused Communities:


Rules

Remember, Lemmy World rules also apply here.0. See: Rules for Users.

  1. No bigotry: including racism, sexism, homophobia, transphobia, or xenophobia.
  2. Be respectful. Everyone should feel welcome here.
  3. Be thoughtful and helpful: even with ‘silly’ questions. The world won’t be made better by dismissive comments to others on Lemmy.
  4. Link posts should include some context/opinion in the body text when the title is unaltered, or be titled to encourage discussion.
  5. Posts concerning other instances' activity/decisions are better suited to [email protected] or [email protected] communities.
  6. No Ads/Spamming.
  7. No NSFW content.

founded 1 year ago
MODERATORS
 

I've been thinking about a feature that might improve account security with regards to logging in to Lemmy apps. Currently there's a lot of new apps being developed for Lemmy and I'm a bit hesitant to log in with my main account so I use a separate account for testing. Not that I don't trust the developers but I think there's some security risk with providing your username and password to any random app that could use it in the wrong way either intentionally or not (due to a bug).

So my suggestion is to add a new feature to the account settings page on the web server/instance that allows you to setup a secondary password (maybe as a sub-account) with separate/custom permissions. This secondary account/password would be used for logging in to apps (or even on the main server web page) instead of using your main account/password.

For example, you could change the permissions for the secondary account to only allow creating new posts/comments and vote, but to deny deleting posts/comments, changing the password or email address or to delete your account (you would have to log in with the main account/password on the web server to be able to perform those actions).

This would reduce the risk of someone taking over your account if the secondary password is leaked for example.

What do you think?

you are viewing a single comment's thread
view the rest of the comments
[–] Techie 1 points 1 year ago

That's a good point, though in the apps I've tested so far the password is entered inside the apps without opening the lemmy.world webpage.