Have been wondering about this in terms of how safe/secure it may be to use them. Not that a Lemmy account is exactly something to fret a ton over, but I always appreciate a little more peace of mind.

Searching through here I found where Alexandrite’s dev gives a rundown to someone asking in regards to their work, but I didn’t surface similar for others. I’ve tried running some broader searches but haven’t had a ton of luck, so thought I’d ask.

  • silasEnglish
    67 months ago

    Yep, that’s OAuth you’re talking about! It needs to be implemented into Lemmy directly first before any apps or clients can upgrade to it. I’m not too clear where we are in the conversation, but I know one point discussed is that OAuth (and especially another method called OIDC) lean towards something centralized for authentication, and that goes against the decentralized nature of Lemmy.

    For now, the best things you can do as a user is:

    1. Decide which apps, clients, and developers you trust. Inspect privacy policies, ask questions, and review code if possible
    2. Enable 2-factor authentication
    3. Use a throwaway or aliased email (through SimpleLogin or similar)
    4. Use a unique password—one that isn’t used for any other accounts you have