oh. Nevermind then. I think this should be enough. maybe OpenID Connect support would be nice

Oh, you can easily bypass passkeys with automation. Don't even need an image recognition model, just a QR-code scanner like zbarimg.

But i never tried googles passkey feature since it never seemed as secure as a 48 char computer generated password. So I'm not sure exactly how it works.

Go tead the FIDO threat model if you want to understand how it protects against specific attacks. It is pretty secure.

https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-20180227.html

Finally I had to choose an app, as there is no official one

It's called Jerboa and it's one of the worse ones, but it does exist

Passkeys are much better. Unlike what FAANG companies want you to believe, they do not have to be tied to a device. Use a password manager that supports them (BitWarden) and pretty much never get hacked again because of a password. Website doesn’t need to store anything that an attacker can use. No downside.

That’s a pretty wild claim. It almost sounds like you don’t know what a passkey is. Explain.

I did always think that a shared (somehow) login would be great; but how do you federate that? Do you? What if the original server goes down? How does moderation work?

It gets really complicated really fast.

Oh I don't know what it is, sorry I thought I made that clear. But a quick search on the internet said it was basically 2fa with a qr code and since the issue was how it would protect Lemmy from. Bots I just thought it wouldn't be hard for a not to read a qr code.

I’m not in a rush to endorse client apps adding large, experience changing features. That will radically alter the way different users interact with the service, they might need two apps to get all the features they want, etc

Sounds like a good way to make things even MORE confusing for new users.

The best center-right news sources are behind a paywall. The crazy ones, those are free.

Any thoughts on

https://fedi.tips/

I haven’t really used it since I wanted to populate my Mastodon timeline. Now it’s happening a little bit more naturally, through boosts and hashtags.

Any recommended reading for pass keys to get me up to speed? I use Bitwarden and have been happy enough with just passwords via that for a long time now. Only time I've seen pass keys mentioned really was Google trying to push it on me but I don't use their password manager.

For the uninitiated it’s basically a 1:1 clone of Apollo for Reddit. Hell, even the app’s name is derivative!

That said it’s still one of the best Lemmy apps for iOS and is a testament to Christian Selig’s original vision.

Finally I had to choose an app, as there is no official one. Now I’m in Mlem, but I don’t know if it’s better or worse than the others.

I'm just here from Reddit after the Boost app finally stopped working. So now I'm running "Boost for Lemmy", would definitely recommend it. It was one of the best 3rd party Reddit clients.

ml is the Internet country code top-level domain(ccTLD) for Mali.

This is completely untrue and I don't know why people keep repeating this.

Because people with the @lemmy.ml tag are constantly saying the dumbest tankie shit ever.

When I see someone say Ukraine in 2014 was a CIA backed coup against the democratically elected pro russian government - it comes from that server, every time

I wonder how moderating would work in a merged community. Would mods not from instance X only be able to hide a post from that instance from the merged community, or would they have power to remove a post from another instance? I’d imagine that is one of the hiccups of a feature like this, it is a shame it has been collecting dust though