I mean, pretending to be someone in another instance, “stealing” the username, is trivial. I see the more likely targets being instance admins or high-profile users. Should we worry somewhat about this?

  • n2burns@lemmy.ca
    1 year ago

    > So try having at least 3 different passwords for personal accounts/websites

    That’s terrible advice when password managers are a thing. Also, this is about impersonation, not credential theft.

    • Granixo
      1 year ago

      Not everyone has access/knows how to use a password manager.

      • n2burns@lemmy.ca
        1 year ago

        > Not everyone has access/knows how to use a password manager.

        If someone has access to the internet, they almost certainly have access to a password manager. Even at work with my heavily locked-down computer and firewall, I can access Bitwarden and I could do the same when I was on LastPass. Even a 10-year-old Android/iPhone could be used as a KeePass vault if they aren’t comfortable with/don’t have access to a web-vault.

        If someone doesn’t know how to use a password manager, it’s really easy to learn. There are hundreds of guides and once it’s set up, the process is quicker than trying your same 3 passwords.

        Telling someone to use the same 3 passwords is about 1/3 as bad as telling someone the LifeProTip to use the same password everywhere, so you never forget it! It’s really, really bad advice, especially when password managers are so easy and accessible!

      • SaituriHiiva@sopuli.xyz
        1 year ago

        Most people have one in their browser. While I personally would recommend a proper password manager, it’s still better than reusing passwords.

        Plus, if you know how to make a user on a Lemmy instance (or any other web application), you pretty much know how to set up a password manager. If you know how to install an app on your phone and an extension in a browser, you’ll be able to use autocomplete pretty much always.

        If you’re worried about the costs, Bitwarden’s free plan is pretty good (and with some know-how you can even self-host). There are probably other free ones too, but that’s what I’ve been happily using.