Kevin's wall

Boring Mastodon security thing - make sure you enable MFA, that all your instance administrators and mods have MFA and that they’re on the latest version (4.0.2).

Why? If you or an admin/mod deletes your account, it’s instant and gone. Even if the entire instance was restored from backup (unlikely 🤣) your account would still be hosed as every other instance would flag it deleted.

For transparency #cyberplace admin is MFA’d with hardware token.

Like 3 Jan 2023 at 14:20 | Open on cyberplace.social

Kevin Beaumont

There's definitely some fun Mastodon security issues which will appear at some point, e.g. if anybody gets admin at an instance you can bulk select every user and delete them - even if you restore the instance from backup, every other instance has wiped them = no followers etc.

The first admin account on every instance has no MFA by default.

3 Jan 2023 at 14:28 | Open on cyberplace.social

Show 6 replies

Kevin Beaumont

I’m still pissed at Elon for two things:

1) making me learn how to spell Mastodon
2) that he didn’t buy and ruin LinkedIn instead

Like 1 27 Nov 2022 at 23:47 | Open on cyberplace.social

Show previous comments