@[email protected] to lemmy.ml [email protected] • 2 years agoI'm going to assume the admins here all have 2FA on their accounts, right?message-square26fedilinkarrow-up157
arrow-up155message-squareI'm going to assume the admins here all have 2FA on their accounts, right?@[email protected] to lemmy.ml [email protected] • 2 years agomessage-square26fedilink
minus-squareTheSaneWriterlinkfedilink3•2 years agoThe servers should theoretically have a way to murder the tokens, but I’m not sure how Lemmy has implemented authentication so I don’t know for sure.
minus-square@[email protected]linkfedilink3•2 years agoLooks like you’re right, admins will just need to update the JWT secret.
minus-squareTheSaneWriterlinkfedilink1•2 years agoThat makes sense. Of course, updating the secret will log everyone out, but that’s a small price to pay to fix an admin breach.
The servers should theoretically have a way to murder the tokens, but I’m not sure how Lemmy has implemented authentication so I don’t know for sure.
Looks like you’re right, admins will just need to update the JWT secret.
That makes sense. Of course, updating the secret will log everyone out, but that’s a small price to pay to fix an admin breach.