I keep hearing of people who have used Lemmy for a few days or a few weeks and want to start using a mobile version – often Voyager.

They open Voyager for the first time, and get a screen with a button for logging in. They get a choice for which Lemmy instance to join, but no place for entering their existing username or password.

I’ve told them that “in the first screen there is a button that is very difficult to notice, allowing you to use a pre-existing Lemmy username. Find that semi-hidden button, click it, and you can log in.”

It is of course a working workaround to pre-emptively tell people that the button exists, is just very well hidden, and needs to be clicked by most people who download Voyager. But still, it would be cool if the screen for new users could be altered so that the ability to log in with a pre-existing username was as visible as the choice to create a new account!

  • Meldrik@lemmy.wtf (29 upvotes, 7 months ago)

    People shouldn’t even have to choose their instance. People should type their full username.

    E.g.: meldrik@lemmy.wtf should be enough and then their password.

      • Sckharshantallas@lemmy.world (7 upvotes, edited, 7 months ago)

        It recycles people’s knowledge about emails in a nice way. It could even have some sort of autocomplete as you start typing the instance name to prevent mistyping.

        • Meldrik@lemmy.wtf (2 upvotes, 7 months ago)

          Exactly.

          Some instance names can be a bit tricky to type, like sh.itjust.works, so an autocomplete would be a huge help.

    • aeharding@vger.social [M] (4 upvotes, edited, 7 months ago)

      I’m not sure how that would work. When you sign in you can use your username or email. So if you type example@domain.com there is no way to know if you’re trying to log in to the instance at domain.com or log in with your email ending in domain.com, to some other instance.

      Edit: and it can’t just assume and try domain.com first, because then if it’s not what the user intended then you just sent your login credentials accidentally to a random domain 🙃

      • Meldrik@lemmy.wtf (1 upvote, 7 months ago)

        You would only be able to log in this way with your username. If you by mistake use your email, then it simply doesn’t resolve to a Lemmy server and the login fails.

        Meldrik@notlemmyserver.com would simply fail, because that Lemmy instance does not exist.

        • aeharding@vger.social [M] (5 upvotes, 7 months ago)

          But what if it does exist? But you have an email server on the same domain? Or what if that domain is being malicious and masquerading as a Lemmy instance to steal your credentials?

          • Meldrik@lemmy.wtf (1 upvote, 7 months ago)

            It doesn’t matter if there’s an email server or not.

            I am not logging in with the credentials “meldrik@lemmy.wtf”. I am telling Voyager that I want to log into “Lemmy.wtf” with my user “Meldrik”. Before I type a password, the app will check if “Lemmy.wtf” exists and maybe even check if there is in fact a user named “Meldrik”. If all are true, then it will ask for password.

            Something like that. I don’t know how Voyager works 😁

            • aeharding@vger.social [M] (9 upvotes, 7 months ago)

              That’s still making assumptions about where you want to log in to. The fact is that you can log in, today, to Lemmy.world with “username” of “me@lemmy.wtf” assuming Lemmy.wtf has an email server set up. And it’s not a safe assumption because users DO have email addresses saved in their password manager as a username for whatever random instance, and there should be a 0% chance of sending user credentials to the wrong domain.

              I can’t just trust that domain to say they’re a Lemmy instance, and there is a user with that username on the domain. That’s trivial to exploit.

              • Meldrik@lemmy.wtf (1 upvote, 7 months ago)

                It’s true you can log in with your email, instead of your username. But what I am saying is, in Voyager, it should only ask for your username+instance (meldrik@lemmy.wtf).

                If I by mistake type my email: meldrik@protonmail.com it will obviously fail, right? Because there’s no Lemmy server at that domain.

                You already validate Lemmy servers in Voyager, right? So if “Meldrik@lemmy.wtf” doesn’t match a Lemmy server, an error would show.

                • aeharding@vger.social [M] (3 upvotes, 7 months ago)

                  I validate Lemmy servers by asking the server if it’s a Lemmy server. If protonmail.com is malicious and says, “sure I’m a Lemmy server” then credentials would be sent to it, which is not good.

                  • Meldrik@lemmy.wtf (1 upvote, edited, 7 months ago)

                    If I typed the wrong domain here and it turned out it’s a malicious server pretending to be a Lemmy server, then what happens?

                    Also, wouldn’t it be highly unlikely that the user’s email domain is malicious?
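
The routing question debated in this thread, as an added example (not part of any comment above and not Voyager's code): it compares deriving the login destination from a `name@host` identifier against taking it only from the instance the user explicitly picked. All hostnames, the `SELF_REPORT` table and the function names are constructed for illustration; the table stands in for asking a server whether it is a Lemmy server.

```javascript
// Added example, not Voyager's code. All hostnames are constructed.
// SELF_REPORT simulates "ask the server if it's a Lemmy server": the answer
// is written by whoever controls the host, so an impostor can say yes.
const SELF_REPORT = new Map([
  ["lemmy.example", "lemmy"], // instance where the user really has an account
  ["other.example", "lemmy"], // a different, genuine instance
  ["mail.example", "lemmy"],  // constructed impostor on an email domain
]);
const claimsToBeLemmy = (host) => SELF_REPORT.get(host) === "lemmy";

// Split "name@host" at the last "@"; null for a bare username.
function splitIdentifier(id) {
  const at = id.lastIndexOf("@");
  if (at <= 0 || at === id.length - 1) return null;
  return { name: id.slice(0, at), host: id.slice(at + 1).toLowerCase() };
}

// Proposed design: route by the identifier's domain if it says it is Lemmy.
function inferredTarget(id) {
  const parts = splitIdentifier(id);
  return parts && claimsToBeLemmy(parts.host) ? parts.host : null;
}

// Explicit design: the identifier is opaque (username or email) and is never
// used for routing; only the instance the user picked receives the password.
function explicitTarget(id, chosenInstance) {
  const host = chosenInstance.trim().toLowerCase();
  const parts = splitIdentifier(id);
  return { sendTo: host, domainMismatch: Boolean(parts && parts.host !== host) };
}

// Where would the password go under each design, and is that a disclosure?
function compare(id, accountInstance) {
  const inferred = inferredTarget(id);
  const explicit = explicitTarget(id, accountInstance);
  return {
    inferred,
    explicit: explicit.sendTo,
    domainMismatch: explicit.domainMismatch,
    disclosedToWrongHost: inferred !== null && inferred !== explicit.sendTo,
  };
}
```

An identifier saved as an email login (`me@mail.example` for an account on `lemmy.example`) is the case where the two designs diverge; `domainMismatch` is something a client could surface as a hint without ever using it to choose the destination.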