G59@lemmy.ml to Fediverse@lemmy.mlEnglish · edit-21 year agoPSA: Lemmy.world has been compromised!message-squaremessage-square207fedilinkarrow-up1348file-text
arrow-up1348message-squarePSA: Lemmy.world has been compromised!G59@lemmy.ml to Fediverse@lemmy.mlEnglish · edit-21 year agomessage-square207fedilinkfile-text
minus-squareeerongal@ttrpg.networklinkfedilinkEnglisharrow-up16·1 year ago Definitely opens up a big question about the security of Lemmy instances that I am sure will be discussed over the next few days. They added 2FA login to lemmy in one of the newer updates. Probably pretty pertinent for any admins to use it…
minus-squareebits21@lemmy.calinkfedilinkEnglisharrow-up10·edit-21 year agoIt’s buggy and missing some key checks to make sure it’s working when you set it up. Real risk of locking yourself out of your account.
minus-squareeerongal@ttrpg.networklinkfedilinkEnglisharrow-up3·1 year agooh, really? maybe i’ll turn mine off then…Thanks for the heads up!
minus-squareebits21@lemmy.calinkfedilinkEnglisharrow-up6·1 year agoMostly a risk on initial setup. I’ve been waiting a bit for it to stabilize and just using huge random passwords
minus-squareZetaphor@zemmy.cclinkfedilinkEnglisharrow-up4·1 year agoIf you’re using a password manager you’d be doing this for every site and without even having to think about it. Bitwarden is a great choice.
minus-squareebits21@lemmy.calinkfedilinkEnglisharrow-up1·edit-21 year agoOh I do. Used Bitwarden for many years. I actually use keepass for totp codes too.
minus-squarebdonvr@thelemmy.clublinkfedilinkEnglisharrow-up3·1 year agoAlso I believe this was achieved through cookie stealing, which 2FA would not have helped
minus-squarebdonvr@thelemmy.clublinkfedilinkEnglisharrow-up1·1 year agoToo bad it doesn’t work with several 2FA apps and right now…
They added 2FA login to lemmy in one of the newer updates. Probably pretty pertinent for any admins to use it…
It’s buggy and missing some key checks to make sure it’s working when you set it up.
Real risk of locking yourself out of your account.
oh, really? maybe i’ll turn mine off then…Thanks for the heads up!
Mostly a risk on initial setup.
I’ve been waiting a bit for it to stabilize and just using huge random passwords
If you’re using a password manager you’d be doing this for every site and without even having to think about it. Bitwarden is a great choice.
Oh I do. Used Bitwarden for many years.
I actually use keepass for totp codes too.
Also I believe this was achieved through cookie stealing, which 2FA would not have helped
Too bad it doesn’t work with several 2FA apps and right now…