this post was submitted on 17 Mar 2025
106 points (100.0% liked)

Fediverse

32163 readers
869 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to [email protected]!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration)

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
106
A "Sign in with fediverse" button? (lemm.ee)
submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/[email protected]
46 comments fedilink hide all child comments
 

Just like apps and websites implement "Sign in with Apple" and Google couldn't we build some kind of federated authentication provider? Then everyone creates an account there and fedi apps can implement an easy way to authenticate users. Even non fedi apps could use it. I imagine user interaction between different fediverse platforms would be much easier too.

I guess could run an auth instance. Ideally everyone would run their own, keeping your data safe.

Is there something likes this already? Saw some discussion here but not much else https://socialhub.activitypub.rocks/t/single-sign-on-for-fediverse/712

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 23 points 1 week ago (6 children)

Yeah, also if the one login gets compromised, oh boy...

Anecdote time. My first e-mail account got hacked. I still had my Steam account attached to it. Now i have a VAC Ban in CS2 because some chinese kid used it for hacking ingame.

[–] [email protected] 3 points 1 week ago (5 children)

Your password manager's login can also get compromised

[–] [email protected] 10 points 1 week ago* (last edited 1 week ago) (2 children)

So we should make a remote single point of failure, maintained by someone who probably isn’t a security expert or working on it full time?

No, this is unfortunately the opposite of what we should be doing.

EDIT: I should also add that people who make password managers literally focus on only that. They understand what they are making is a huge target and any of them worth their salt have independent audits and spend much of their time on design decisions related to security. Point being: typically the weakest link in a password manager is you. Set a good password, use a YubiKey or some other device, use 2FA, etc.

[–] [email protected] 1 points 1 week ago (1 children)

Not a single point but multiple points. Anyway I'm not gonna pretend I'm an expert in security! I just think it's a feature worth exploring.

[–] [email protected] 2 points 1 week ago

If someone runs an auth server, and I use it to identify me, and then it goes away, then I’m out of luck, my account is gone. This is the same problem we have now (with logins being tied to instances), except that it introduces a new place for a failure to occur. Rather than just relying on a lemmy instance, I also need to rely on an auth server to be maintained, safe, and secure.

If I went to another auth server, then it’d give me a different identity and that would not make much sense.

load more comments (2 replies)
load more comments (2 replies)