I code as a hobby, and for a living 👨‍💻

Creator of Leomard App 🐱

Join the !leomard@lemm.ee!

  • 0 Posts
  • 2 Comments
Joined 1 year ago
cake
Cake day: June 30th, 2023

help-circle
  • As an author of one Lemmy front-end, I can confirm that you are potentially sharing your username and password. Unfortunately, there is no way for Lemmy front-end developers to, say, open a web socket to Lemmy instance and have you login through a web browser (which would be much prefered from security standpoint, but it is what it is).

    Furthermore, from what I see, many of such front-ends store your password, instead of just the Bearer token. Unfortunately, from what I get, there is also no way of invalidating the Bearer tokens right now, so in the event of it getting stolen - you’re f***ed.

    Now, couple of tips:

    • USE 2FA AUTHENTICATION. In the event of malicious app actually stealing your credentials, you are at least a little bit more protected by this layer.
    • Use password manager - do not use your banking password, please.
    • Only use trusted front-ends, and in the even of an app, only download versions from official sources maintained by the app author.
    • Make sure the instance you’re registered at has a valid HTTPS certificate.