It seems like they are down for a longer time now. How will they recover? Does longer down mean they will have to do more catching up with other instances? Can I get updates somewhere?

  • Illogicalbit@lemmy.world
    1 year ago

    Hacking an account is still a valid concern though for various reasons, and hashes can still be used against password lists. Additionally, two-factor authentication is a necessity for sure. Now don’t get me wrong, I completely understand this feature is coming and that this is a developing service, but many of these concerns do seem valid to me.

    • Saik0@lemmy.saik0.com
      1 year ago

      > Hacking an account is still a valid concern though for various reasons

      Let’s assume you’re doing the best practice thing and using a long and unique password for each service you use.

      What benefit does a hacker have hacking your lemmy-based account? Considering that everything you post is public… There’s simply nothing of value that you would obtain by “hacking” an account here… The only thing I can think of is if you’re a moderator of a community or an admin of an instance.

      I just don’t see any value to it… But even then… 2fa is slated for v0.18 which is probably coming out in the next few weeks.

      • Illogicalbit@lemmy.world
        1 year ago

        Mostly thinking impersonation, spamming, deletion or modification of history… Although I’m sure there are probably other reasons too.

      • dan@upvote.au
        1 year ago

        > 2fa is slated for v0.18 which is probably coming out in the next few weeks.

        Only basic TOTP 2FA though. WebAuthn/FIDO2 should be coming in the future though.

    • WaveCommander@lemmy.ca
      1 year ago

      Simply salting hashes would be enough to prevent password hash list lookups. Agreed, 2FA is pretty essential, though I can understand not implementing it where people don’t care about the integrity of their pseudonyms. As it gains popularity, it will need to be implemented.
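
The salting point raised in the thread, as an added example that is not part of any comment and is not Lemmy's code: it stores the same password unsalted and with a per-user salt, then checks which stored values a precomputed digest table would match. The choice of PBKDF2-HMAC-SHA256, the iteration count, the function names, and the accounts and passwords are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor, chosen for this example only

def unsalted_digest(password):
    """Weak scheme: plain SHA-256, so equal passwords give equal digests."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_lookup_table(wordlist):
    """Digest -> password table; computed once, reusable on any unsalted dump."""
    return {unsalted_digest(w): w for w in wordlist}

def hash_password(password, salt=None):
    """Per-user random salt plus a slow KDF; returns (salt, derived_key)."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key

def verify_password(password, salt, expected_key):
    """Recompute with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected_key)

def exposed_by_table(stored_hex, table):
    """Accounts whose stored value appears in a precomputed table."""
    return sorted(user for user, value in stored_hex.items() if value in table)

def demo():
    # Constructed sample data: two accounts that reuse one password.
    users = {"alice": "hunter2", "bob": "hunter2"}
    table = build_lookup_table(["password", "hunter2", "letmein"])
    unsalted = {u: unsalted_digest(p) for u, p in users.items()}
    salted = {u: hash_password(p) for u, p in users.items()}
    salted_hex = {u: key.hex() for u, (_, key) in salted.items()}
    return {
        "unsalted_exposed": exposed_by_table(unsalted, table),
        "salted_exposed": exposed_by_table(salted_hex, table),
        "same_unsalted": unsalted["alice"] == unsalted["bob"],
        "same_salted": salted_hex["alice"] == salted_hex["bob"],
        "login_ok": verify_password("hunter2", *salted["alice"]),
        "login_bad": verify_password("hunter3", *salted["alice"]),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt only removes the shared precomputed table; a weak password can still be guessed one account at a time, which is why the sketch pairs the salt with a slow key-derivation function.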