I’ve been thinking about a feature that might improve account security with regard to logging in to Lemmy apps. Currently there are a lot of new apps being developed for Lemmy, and I’m a bit hesitant to log in with my main account, so I use a separate account for testing. Not that I don’t trust the developers, but I think there’s some security risk in providing your username and password to any random app that could use it in the wrong way, either intentionally or not (due to a bug).

So my suggestion is to add a new feature to the account settings page on the web server/instance that allows you to set up a secondary password (maybe as a sub-account) with separate/custom permissions. This secondary account/password would be used for logging in to apps (or even on the main server web page) instead of using your main account/password.

For example, you could change the permissions for the secondary account to only allow creating new posts/comments and voting, but to deny deleting posts/comments, changing the password or email address, or deleting your account (you would have to log in with the main account/password on the web server to be able to perform those actions).

This would reduce the risk of someone taking over your account if the secondary password is leaked, for example.

What do you think?
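To make the proposal concrete, here is a sketch of how an instance could implement scoped app passwords server-side. This is an added example, not Lemmy’s code and not something the OP wrote; the action names, the `app_<id>.<secret>` credential format and the KDF parameters are assumptions for illustration. The point it demonstrates is that the permission set is attached to the credential and enforced on every request, and that account-takeover actions (password/email change, account deletion) cannot be granted to an app password at all.

```python
"""Scoped app passwords: a per-app credential that can only perform the
actions in its permission set. Illustrative design, not Lemmy's code."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional, Set

# Action names are assumptions for this example, not Lemmy's real permission model.
ALL_ACTIONS: FrozenSet[str] = frozenset({
    "create_post", "create_comment", "vote",
    "delete_post", "delete_comment",
    "change_password", "change_email", "delete_account",
})
# What a freshly minted app password may do unless the user narrows it further.
DEFAULT_APP_ACTIONS: FrozenSet[str] = frozenset({"create_post", "create_comment", "vote"})
# Account-takeover actions: never grantable to an app password, whatever the user ticks.
MAIN_ONLY_ACTIONS: FrozenSet[str] = frozenset({"change_password", "change_email", "delete_account"})


def _kdf(secret: str, salt: bytes) -> bytes:
    # Memory-hard KDF so a leaked database does not hand out the secrets in clear.
    return hashlib.scrypt(secret.encode(), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)


@dataclass
class AppPassword:
    label: str            # e.g. the app the user created it for
    salt: bytes
    digest: bytes
    allowed: FrozenSet[str]


@dataclass
class Account:
    username: str
    salt: bytes
    digest: bytes
    app_passwords: Dict[str, AppPassword] = field(default_factory=dict)  # keyed by app id


@dataclass(frozen=True)
class Session:
    username: str
    via: str              # "main" or the label of the app password used to log in
    allowed: FrozenSet[str]


def create_account(username: str, password: str) -> Account:
    salt = os.urandom(16)
    return Account(username, salt, _kdf(password, salt))


def create_app_password(account: Account, session: Session, label: str,
                        allowed: Set[str] = DEFAULT_APP_ACTIONS) -> str:
    """Mint an app password. Only a session opened with the main password may do
    this, and main-only actions are stripped even if requested. The secret is
    returned exactly once; only its scrypt digest is stored."""
    if session.via != "main":
        raise PermissionError("app passwords can only be managed with the main password")
    app_id = secrets.token_hex(4)           # public identifier, lets the server find the record
    secret = secrets.token_urlsafe(24)      # 192 bits of randomness, not user-chosen
    salt = os.urandom(16)
    account.app_passwords[app_id] = AppPassword(
        label, salt, _kdf(secret, salt),
        frozenset(allowed) & (ALL_ACTIONS - MAIN_ONLY_ACTIONS))
    return f"app_{app_id}.{secret}"         # assumed wire format: app_<id>.<secret>


def authenticate(account: Account, password: str) -> Optional[Session]:
    """Try the main password first; otherwise parse an app password and check it.
    Returns a Session carrying the permissions of whichever credential matched."""
    if hmac.compare_digest(_kdf(password, account.salt), account.digest):
        return Session(account.username, "main", ALL_ACTIONS)
    if password.startswith("app_") and "." in password:
        app_id, _, secret = password[4:].partition(".")
        ap = account.app_passwords.get(app_id)
        if ap is not None and hmac.compare_digest(_kdf(secret, ap.salt), ap.digest):
            return Session(account.username, ap.label, ap.allowed)
    return None


def authorize(session: Session, action: str) -> bool:
    """Called on every API request: the scope travels with the session."""
    return action in session.allowed


def revoke_app_password(account: Account, session: Session, app_id: str) -> bool:
    """Revocation is itself a main-only action, so a leaked app password cannot
    remove its own or another app's revocation."""
    if session.via != "main":
        return False
    return account.app_passwords.pop(app_id, None) is not None
```

Two design points worth noting: the app id is carried in the credential so the server hashes at most two candidates per login instead of every stored app password, and the permission set is intersected with `ALL_ACTIONS - MAIN_ONLY_ACTIONS` at creation time rather than checked at request time, so there is no code path by which an app credential can ever acquire the takeover actions.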

  • @Echo, 1 year ago

    Have not interacted with Lemmy apps since nothing is out of beta yet on iOS but I would like to think that these apps are not storing your password.

    Instead they point you to your Lemmy instance where you log in there and the instance provides a token to the app (OAuth). This token is then used to interact in an authenticated fashion.

    If this is not what is happening, I share your opinion on a mechanism being desirable to control who has access to your password.

    • Techie (OP), 1 year ago

      That’s a good point, though in the apps I’ve tested so far the password is entered inside the app without opening the lemmy.world webpage.