:

submitted a long while ago by @ to c/@

0 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] joyjoy@lemm.ee 69 points 7 months ago

pictured: Nothing Chats

[-] verdare@beehaw.org 31 points 7 months ago

The fact that you have to enter your iCloud credentials directly into the app was a red flag.

Security PSA: Don’t enter passwords or other secrets for important accounts directly into a third party UI. This is why we have tokens and federated login. Third parties should never see your Google/Apple/whatever credentials.

[-] ALostInquirer@lemm.ee 6 points 7 months ago

Security PSA: Don’t enter passwords or other secrets for important accounts directly into a third party UI.

By chance, would you (or some other passerby) happen to know how this is handled with the Lemmy apps/interfaces? I've been mixed on using them since I'm unclear how they're handling this info.

[-] verdare@beehaw.org 8 points 7 months ago* (last edited 7 months ago)

Hmmm, that’s a good point. I did type my Lemmy credentials directly into at least two different apps. I guess it would be better if it redirected to a login page provided by my instance (Beehaw). But I also don’t consider my Lemmy account to be very critical. It’s not a huge deal if it gets compromised, as long as it’s not associated with my real identity.

EDIT: Also, I use a password manager, so a leak of my randomly generated Lemmy password shouldn’t affect anything else.

load more comments (10 replies)

this post was submitted on 01 Jan 0001

0 points (NaN% liked)

0 readers

0 users here now

founded a long while ago