It seems like they are down for a longer time now. How will they recover? Does longer down mean they will have to do more catching up with other instances? Can I get updates somewhere?

  • WaveCommander@lemmy.ca
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Sites don’t store passwords, they store password hashes. There is no reason to give any personal info you aren’t comfortable giving. You can use the site just fine without posting any

    • Illogicalbit@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Hacking an account is still a valid concern though for various reasons , and hashes can still be used against password lists. Additionally, Two factor authentication is a necessity for sure. Now don’t get me wrong, I completely understand this feature is coming and that this is a developing service but many of these concerns do seem valid to me.

      • Saik0@lemmy.saik0.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Hacking an account is still a valid concern though for various reasons

        Let’s assume you’re doing the best practice thing and using a long and unique password for each service you use.

        What benefit does a hacker have hacking your lemmy-based account? Considering that everything you post is public… There’s simply nothing of value that you would obtain by “hacking” an account here… The only thing I can think of is if your a moderator of a community or an admin of an instance.

        I just don’t see any value to it… But even then… 2fa is slated for v0.18 which is probably coming out in the next few weeks.

        • Illogicalbit@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Mostly thinking impersonation, spamming, deletion or modification of history…. Although I’m sure there are probably other reasons too.

        • dan@upvote.au
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          2fa is slated for v0.18 which is probably coming out in the next few weeks.

          Only basic TOTP 2FA though. Webauthn/FIDO2 should be coming in the future though.

      • WaveCommander@lemmy.ca
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Simply salting hashes would be enough to prevent password hash list lookups. Agreed, 2FA is pretty essential, though I can understand not implementing it where people don’t care about the integrity of their pseudonyms. As it gains popularity, it will need to be implemented