I keep hearing of people who have used Lemmy for a few days or a few weeks and want to start using a mobile version – often Voyager.
They open Voyager for the first time, and get a screen with a button for logging in. They get a choice for which Lemmy instance to join, but no place for entering their existing username or password.
I’ve told them that “in the first screen there is a button that is very difficult to notice, allowing you to use a pre-existing Lemmy username. Find that semi-hidden button, click it, and you can login.”
It is of course a working workaround to pre-emptively tell people that the button exists, is just very well hidden, and needs to be clicked by most people who download Voyager. But still, it would be cool if the screen for new users could be altered so that the ability to log in with a pre-existing username was equally visible as the choice to create a new account!
It doesn’t matter if there’s an email server or not.
I am not logging in with the credentials “[email protected]”. I am telling Voyager that I want to log into “Lemmy.wtf” with my user “Meldrik”. Before I type a password, the app will check if “Lemmy.wtf” exists and maybe even check if there is in fact a user named “Meldrik”. If all are true, then it will ask for password.
Something like that. I don’t know how Voyager works 😁
that’s still making assumptions about where you want to login to. The fact is that you can login, today, to Lemmy.world with “username” of “[email protected]” assuming Lemmy.wtf has an email server setup. And it’s not a safe assumption because users DO have email addresses saved in their passwords manager as a username for whatever random instance, and there should be a 0% chance of sending user credentials to the wrong domain.
I can’t just trust that domain to say they’re a Lemmy instance, and there is a user with that username on the domain. That’s trivial to exploit.