I mean, pretending to be someone in another instance, “stealing” the username, is trivial. I see the more likely targets being instance admins or high profile users. Should we worry somewhat about this?

  • Granixo@feddit.cl
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    6
    ·
    1 year ago

    It’s something we should be worried about everywhere we go online.

    So try having at least 3 different passwords for personal accounts/websites and also contact moderators or support if you suspect your account has been compromised.

    • Vlyn@lemmy.ml
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      1
      ·
      1 year ago

      So try having at least 3 different passwords for personal accounts/websites

      That’s an awful take. Grab a password manager and have a random password for every single account of yours. That way all you have to do is remember a single strong password and that’s it. Instead of playing Russian roulette when one service you use gets hacked and someone gets a hold of your username / email and one of your 3 different passwords…

    • PonyOfWar@pawb.social
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      This isn’t about compromised accounts though. I could just create an account, give it the display name “Granixo” and your profile picture. It would look exactly like your account unless people actually click the profile or look at the profile URL.

    • n2burns
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      So try having at least 3 different passwords for personal accounts/websites

      That’s terrible advice when password managers are a thing. Also, this is about impersonation, not credential theft.

        • n2burns
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Not everyone has access/knows how to use a password manager.

          If someone have access to the internet, they almost certainly have access to a password manager. Even at work with my heavily locked-down computer and firewall, I can access BitWarden and I could do the same when I was on LastPass. Even a 10-year old Android/iPhone could be used as a KeePass vault if they aren’t comfortable with/don’t have access to a web-vault.

          If someone doesn’t know how to use a password manager, it’s really easy to learn. There are hundreds of guides and once it’s set up, the process is quicker than trying your same 3 passwords.

          Telling someone to use the same 3 passwords is about 1/3 as bad as telling someone the LifeProTip to use the same password everywhere, so you never forget it! It’s really, really bad advice especially when password managers are so easy and accessible!