this post was submitted on 10 Jul 2023
55 points (96.6% liked)

lemmy.ml meta

1406 readers
1 users here now

Anything about the lemmy.ml instance and its moderation.

For discussion about the Lemmy software project, go to !lemmy@lemmy.ml.

founded 3 years ago
MODERATORS
nutomic@lemmy.ml
55
I'm going to assume the admins here all have 2FA on their accounts, right? (lemmy.ml)
submitted 1 year ago by tryagain@lemmy.ml to c/meta@lemmy.ml
26 comments fedilink hide all child comments
 

Right guys?

you are viewing a single comment's thread
view the rest of the comments
[–] TheSaneWriter@lemm.ee 3 points 1 year ago (1 children)

The servers should theoretically have a way to murder the tokens, but I'm not sure how Lemmy has implemented authentication so I don't know for sure.

[–] spiderplant@infosec.pub 3 points 1 year ago (1 children)

Looks like you're right, admins will just need to update the JWT secret.

[–] TheSaneWriter@lemm.ee 1 points 1 year ago

That makes sense. Of course, updating the secret will log everyone out, but that's a small price to pay to fix an admin breach.