lemmy.ml meta

1406 readers

1 users here now

Anything about the lemmy.ml instance and its moderation.

For discussion about the Lemmy software project, go to !lemmy@lemmy.ml.

founded 4 years ago

MODERATORS

nutomic@lemmy.ml

I'm going to assume the admins here all have 2FA on their accounts, right? (lemmy.ml)

submitted 2 years ago by tryagain@lemmy.ml to c/meta@lemmy.ml

22 comments fedilink hide all child comments

Right guys?

you are viewing a single comment's thread
view the rest of the comments

[–] Lmaydev@programming.dev 1 points 2 years ago (1 children)

Once a token is issued it is valid until it experies. There is no way to disable a token short of changing the secret used to sign them which would invalidate all existing tokens for all users.

permalink
fedilink
source
parent
hideshow 2 child comments

[–] Natanael@slrpnk.net 1 points 2 years ago

That's bad design because you can bind a user token to a per-account value which can be rotated to deprecate tokens

permalink
fedilink
source
parent