I currently use Lastpass, and while I'm overall happy with what I have right now, some issues (like slow firefox support, android functionality that only works arbitrarily) makes me want to look at other solutions.

I have heard about other popuar managers like Keepass and Bitwarden, but haven't made the plunge yet. So I thought I could kickstart a discussion on this topic.

Which password manager do you use or have you used? Why do you recommend it (or not)?

I’m still in awe of what’s happening here and wish I had a crystal ball to see the change this type of community will drive in broader social discourse. If that goal is realized, there will be very sophisticated folks looking to disrupt that progress.

As a security guy (especially in light of Reddit’s recent announcement) I had a few questions!

1.) How open are we to integrating some type of optional 2FA for users? Maybe a simple TOTP integration?
2.) Are the admins of the site implementing the right amount of fundamental controls for the backend? I’m 100% happy to provide thoughts on this if necessary! The decisions you make now, could impact us 5-6 years from now. And they’re oh-so-easy to change this early :-D.

I hope I’m posting this in the correct place. I’ve been having a disagreement with someone over the abilities of hackers. I kinda hope Deimorz pops in because he wrote automod.

I said that the only way for someone to gain access to a subreddit to make changes is if they steal a moderator’s account password or they are added to the mod team. The person I’m having a disagreement with believes that adding text to the wiki for users to view (like the extensive wiki r/skincareaddiction has) would make it easier for hackers to insert malicious code in order to gain access to the sub. This person also mentioned being able to change the subreddit through browser tools. She insists the sidebar and wiki are potential access points for scripting attacks. Automod just so happens to be enabled which is why I mentioned Deimorz.

I’m not an IT professional. My brothers currently are which helped me learn most of what I know. I’ve supplemented that over the years with whatever info I came across online. What she’s saying sounds like crazy town to me. But since I’m not a hacker, is there a way to use the sidebar or wiki area to hack into a subreddit?

Thanks in advance to anyone who pities me by providing a detailed answer to this thinly veiled request to help me win an internet argument 🙇🏾‍♀️.

I'm sure as tildes gets bigger, security will continue to be a matter of discussion.

The dev GodEmperors of tildes have (quite awesomely) taken a big position on security already by disallowing breached passwords from being used.

I'm not much of a hacker myself, but it's an armchair interest and I'm sure others more skilled would love to be able to give back to Tildes and help keep the site as secure as possible.

What's the policy on bug hunting, and searching for exploits?

Thanks!

I'm going to college soon, and I'm in the process of straightening out my accounts and login information. What password managers would any of you recommend? I'm looking for something that can be accessed on both desktop (PC) and mobile (Android).

Edit: I have set up KeePass and it looks like a great solution! Thanks for the help.

A lot of the newer websites and services now offer 2FA so I was wondering if Tildes has any plans to do that? No idea how hard it would be to implement but I feel like that would be a welcome addition for many people.

I'd also be happy to hear people's thoughts on this an if you guys think the website actually needs this. In my mind more security is always better than less security.