I mean, pretending to be someone in another instance, “stealing” the username, is trivial. I see the more likely targets being instance admins or high profile users. Should we worry somewhat about this?
I mean, pretending to be someone in another instance, “stealing” the username, is trivial. I see the more likely targets being instance admins or high profile users. Should we worry somewhat about this?
It’s something we should be worried about everywhere we go online.
So try having at least 3 different passwords for personal accounts/websites and also contact moderators or support if you suspect your account has been compromised.
That’s an awful take. Grab a password manager and have a random password for every single account of yours. That way all you have to do is remember a single strong password and that’s it. Instead of playing Russian roulette when one service you use gets hacked and someone gets a hold of your username / email and one of your 3 different passwords…
This isn’t about compromised accounts though. I could just create an account, give it the display name “Granixo” and your profile picture. It would look exactly like your account unless people actually click the profile or look at the profile URL.
That’s terrible advice when password managers are a thing. Also, this is about impersonation, not credential theft.
Not everyone has access/knows how to use a password manager.
Most people have one in their browser. While I personally would recommend a proper password manager, it’s still better than reusing passwords.
Plus, if you know how to make a user on a lemmy instance (or any other web application), you pretty much know how to set up a password manager. If you know how to install an app on your phone and an extension in a browser, you’ll be able to use autocomplete pretty much always.
If you’re worried about the costs, bitwardens free plan is pretty good (and with some know-how you can even self host). There’s probably other free ones too, but that’s what I’ve been happily using.