It seems like they are down for a longer time now. How will they recover? Does longer down mean they will have to do more catching up with other instances? Can I get updates somewhere?

  • Illogicalbit@lemmy.world
    1 year ago

    Hacking an account is still a valid concern though for various reasons, and hashes can still be used against password lists. Additionally, two-factor authentication is a necessity for sure. Now don’t get me wrong, I completely understand this feature is coming and that this is a developing service, but many of these concerns do seem valid to me.

    • Saik0@lemmy.saik0.com
      1 year ago

      > Hacking an account is still a valid concern though for various reasons

      Let’s assume you’re doing the best practice thing and using a long and unique password for each service you use.

      What benefit does a hacker have hacking your lemmy-based account? Considering that everything you post is public… There’s simply nothing of value that you would obtain by “hacking” an account here… The only thing I can think of is if you’re a moderator of a community or an admin of an instance.

      I just don’t see any value to it… But even then… 2fa is slated for v0.18 which is probably coming out in the next few weeks.

      • dan@upvote.au
        1 year ago

        > 2fa is slated for v0.18 which is probably coming out in the next few weeks.

        Only basic TOTP 2FA though. WebAuthn/FIDO2 should be coming in the future though.

      • Illogicalbit@lemmy.world
        1 year ago

        Mostly thinking impersonation, spamming, deletion or modification of history… Although I’m sure there are probably other reasons too.

        • Saik0@lemmy.saik0.com
          1 year ago

          Impersonation - Not sure this matters unless you’re a mod or admin.
          Spamming - Just make the accounts yourself… it’s going to be infinitely easier to just make spam accounts from nothing (since it’s free anyway) than to designate resources to cracking a password.
          Deletion/Modification of history - modlogs allow reverting ALL changes outside of full account deletion.
          Full account deletion - Well that’s annoying at the very least. But not like it’s the end of the world or has any actual cost associated with it.

          It’s a lot of work to do so little actual damage. It’s not like Twitter where hacking Elon’s account can actually lead to monetary gain.

    • WaveCommander@lemmy.ca
      1 year ago

      Simply salting hashes would be enough to prevent password hash list lookups. Agreed, 2FA is pretty essential, though I can understand not implementing it where people don’t care about the integrity of their pseudonyms. As it gains popularity, it will need to be implemented.
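
The point about salting and hash list lookups, as an added example that is not part of the thread and is not Lemmy's code: it stores the same password for two accounts unsalted and salted, then checks both stores against one precomputed table. The user names, passwords, word list, helper names and the PBKDF2 work factor are all constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: two accounts that happen to share one password.
USERS = {"alice": "hunter2", "bob": "hunter2"}
WORDLIST = ["password", "123456", "hunter2"]  # constructed candidate list
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def unsalted(password: str) -> str:
    """Weak storage: a bare SHA-256, identical for every user of a password."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password: str) -> tuple[bytes, bytes]:
    """Salted storage: a fresh random 16-byte salt per account plus a slow KDF."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify(password: str, record: tuple[bytes, bytes]) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(actual, expected)

def table_hits(stored_hex: list[str]) -> int:
    """Count stored values found in one table precomputed from WORDLIST."""
    table = {unsalted(word) for word in WORDLIST}
    return sum(1 for value in stored_hex if value in table)

def compare_schemes() -> dict:
    """Store USERS both ways and report how each store fares against the table."""
    weak = [unsalted(p) for p in USERS.values()]
    strong = {user: hash_password(p) for user, p in USERS.items()}
    return {
        "weak_hits": table_hits(weak),
        "salted_hits": table_hits([dk.hex() for _, dk in strong.values()]),
        "same_password_same_record": strong["alice"][1] == strong["bob"][1],
        "login_ok": verify("hunter2", strong["alice"]),
        "wrong_password_ok": verify("hunter3", strong["alice"]),
    }

if __name__ == "__main__":
    print(compare_schemes())
```

The salt only removes the shared precomputed table and the link between accounts that reuse a password; a weak password can still be guessed one account at a time, which is where the slow KDF and 2FA come in.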