this security issue can only be triggered by users fault, but it’s up to the UI designer to prevent user mistakes causing potential credential leaks.

The login page

The login page is designed to be as simple as possible. Only 1 page, no extra steps. It’ll validate whatever instance url you type in to ensure it’s actually a Lemmy instance.

The problem

If the user mistypes the instance url to a typo squatting instance, your credentials were just sent straight to them. Bad. For example, I could setup an instance named lemmu.world, and if someone accidentally mistypes lemmy.world as that, I get their credentials for free.

Potential solutions

I’m not sure which one would be best as they all have problems.

  • Require you to type the instance before you can start typing your credentials.
    • This complicates things and adds an extra step. This also wouldn’t completely solve the problem.
  • Add an auto complete list
    • This will work for popular instances as they’ll know that they have the wrong url because it disappeared from the auto complete. However, I’d need to keep this list updated and id prefer photon to have minimal external ties. This also wouldn’t work for small instances.
  • Add typo checking
    • This has the same problem as above as I’d need to keep common misspellings updated and I want photon to have minimal external ties.

Any ideas? For now, this isn’t a problem as long as you double check the instance you’re logging in with, and there’s no cases of this AFAIK.

4 points
  • Require you to type the instance before you can start typing your credentials.
    • This complicates things and adds an extra step. This also wouldn’t completely solve the problem.

First thought in a similar vein to this, have a pause for credential & instance review before passing them along?

E.g. Type everything in as-is, but instead of log in promptly sending anything, it displays all the information you just entered again with some simple message like, “Does everything here look correct?” and Yes/No or something of the sort.

It complicates things and adds a step as well, however I think it would do a better job of encouraging people to double-check for any typos than what you mention in what I’ve quoted above. Bonus of this idea is that it also keeps external ties to a minimum.

permalink
report
reply
4 points

I’ll probably go with this. Thanks!

permalink
report
parent
reply
2 points

Tesseract works like your option 1: Require typing the instance before credentials, and they’re on separate pages (though they wouldn’t strictly have to be). It then populates the sidebar/banner from the instance entered. The impostor / typo-squatting instance would have to match the site details, logo, banner, and spoof the activity stats (though the user would be expected to check what’s displayed is correct for the instance they’re logging into).

e.g https://tesseract.dubvee.org/login

permalink
report
reply
1 point

I’d say you should have a list of pre approved instances and then give a little warning when an instance is not on the list.

permalink
report
reply

Photon

!photon@lemdro.id

Create post

Photon for Lemmy

A client for the fediverse designed to be intuitive, fast, and beautiful.

Share your themes, ask questions, report bugs, or check on the latest updates here!

You can contact the dev at @Xylight@lemdro.id.

Rules
  1. Posts must be related to Photon in any way
  2. Don’t be mean
  3. If your post is a bug report, please preface the title with [solved] if it’s been fixed.

Community stats

  • 22

    Monthly active users

  • 64

    Posts

  • 316

    Comments