I mean, pretending to be someone in another instance, “stealing” the username, is trivial. I see the more likely targets being instance admins or high profile users. Should we worry somewhat about this?
I mean, pretending to be someone in another instance, “stealing” the username, is trivial. I see the more likely targets being instance admins or high profile users. Should we worry somewhat about this?
That’s terrible advice when password managers are a thing. Also, this is about impersonation, not credential theft.
Not everyone has access/knows how to use a password manager.
Most people have one in their browser. While I personally would recommend a proper password manager, it’s still better than reusing passwords.
Plus, if you know how to make a user on a lemmy instance (or any other web application), you pretty much know how to set up a password manager. If you know how to install an app on your phone and an extension in a browser, you’ll be able to use autocomplete pretty much always.
If you’re worried about the costs, bitwardens free plan is pretty good (and with some know-how you can even self host). There’s probably other free ones too, but that’s what I’ve been happily using.