0 upvotes, 5 direct replies (showing 5)
View submission: How to keep your Reddit account safe
If Reddit wouldn't force us to display our username everywhere and attach to everything we post, then leaked passwords wouldn't do any good. If you don't know the username, then a password loses its power. And no, nicknames don't work here.
​
For security, having a private login that's never ever displayed to anyone but the user would be the way to go. Then, as long as it's tied to a private e-mail, you're 100% safe. My logins are never tied to emails I use for the public. With most of my logins, I could tell you my password and you still couldn't log in. Not without my login! I really don't understand how Reddit can not know this.
Comment by Drunken_Economist at 06/05/2019 at 20:41 UTC
5 upvotes, 0 direct replies
That doesn't really make much sense. The username/password combos come from leaks of other services.
Eg Adobe gets hacked, and the username/password combo `Drunken_Economist, hunter3` are out in the wild now. A hacker comes by and tries that credential pair on reddit, and boom, they're into my account if I reused the password. The hacker isn't targeting *me*, and doesn't know or care if I had posted before or anything, they just tried out all the combos to see what sticks.
So what reddit does here is proactively tries out the user/password combos, then pushes a password reset on any of them that work.
Comment by DesertFoxMinerals at 06/05/2019 at 23:43 UTC
1 upvotes, 0 direct replies
I really don't understand how Reddit can not know this.
I doubt any of the Reddit staff is old enough to remember the humble BBS, which would do exactly that - username and display name were never the same and username was never publicly given out.
then again, Reddit can't even properly detect vote manipulation, so I don't really trust them to know much about basic security practices from 30 years ago which are still valid to this day.
Comment by Misterpiece at 06/05/2019 at 20:19 UTC
1 upvotes, 1 direct replies
Account name and username should ideally be different. Perhaps Reddit was built before people realized this.
Comment by appropriateinside at 06/05/2019 at 22:47 UTC
1 upvotes, 0 direct replies
That's not how any of this works...
This is not security advice. This is BARELY security through obscurity.
Comment by TardigradeFan69 at 06/05/2019 at 23:37 UTC
1 upvotes, 0 direct replies
You didn’t think this one through