Bluesky Safety: Update: App Passwords no longer have access to your invite codes, to ensure that third-party tools cannot claim your invite codes without your awareness. Please only login to third-party tools that you trust, and always use an App Password (a temporary solution until we implement OAuth). 🧵

Update: App Passwords no longer have access to your invite codes, to ensure that third-party tools cannot claim your invite codes without your awareness. Please only login to third-party tools that you trust, and always use an App Password (a temporary solution until we implement OAuth). 🧵

❓ Q: What are App Passwords? 💬 A: App Passwords are revokable passwords you can use to login to third-party tools. You can generate them at Settings > Advanced > App Passwords.

❓ Q: What permissions do App Passwords have? 💬 A: They have most of the same abilities as the user's account password, but they're restricted from destructive actions such as account deletion. They are also restricted from creating additional app passwords and from viewing invite codes.

Who about blocking login on the website or in the app. You could restrict them to be used in api calls only.

a bit difficult seeing as the official app uses the same API calls as everyone else

Great, thanks 👏🏻

i cannot for the life of me, use an app password to successfully log me into Deckblue.

Who needs app passwords. We need mfa or or passkeys!

Agreed, MFA is a must for security

Any news on 2FA?

are app passwords eventually going to have granular security options? ie, will we eventually be able to generate a “read only” password?

Second half of the post kinda answers this - unlikely to implement a bunch of changes to a temporary feature. This one was just very necessary for preventing a huge explosion of scammers with invites.

Useful, thanks

hey, if you type in your pw, it will show as stars ********* see!

lol also I didn't know you could have asterisks in your handle as well, cool username, @***************.bsky.social!

Can we have an esthetic improvement in the way users can reset their password? make it to use the email explicit, and allow also to have a 'forgot email' feature in cases people forget which they used ? Ability to edit the email used at registration would be really cool ! @pfrazee.com

They probably shouldn't have access to your email also.

possibly difficult to enforce since login allows username or email

@safety.bsky.app , since the users are meanwhile coming in huge numbers, when do you plan to have 2FA implemented? Security is key & plain passwords are compromised in minutes or less. Any chance you could provide the possibilities for securing our accounts? Right now the situation is unsafe ../2

..2/ to say at least. Could you eloborate, if, when and what kind of 2FA you´re implementing and how the time schedule on this tasks is? And while talking about project timelines: is there a timeline available with estimated dates for at least milestones? That would be great.

How do you get invite codes?

I think you get given them after you've been on here a while.

Thanks

If you tap the 3 horizontal bars, top left of the screen (on the app) you'll see when you get one.

Thanks, there’s a good reason I followed you 🤘

I got one after I'd been here ~about~ a week, a second ~about~ a week later. Number of invite codes available shows up on the right under the search box, in the browser at least.

Yeah, it was about a week for me too.

I just want to be able to use Gifs 😫

I accidentally left a letter out of my email address when I created my Bluesky account. I have tried to figured out how to edit it, but cannot figure it out. How do a fix it? I just need to add a letter to it.

Hääää? 😅

Please let the app passwords but also as a feature after there is OAuth. **And: We need here extremely urgently 2FA with Fido2 and gladly also Passkeys.** And for me I would like to use X.509 certificates for authentication ;)

I was giving away invite codes to trusted friends, but two of them were taken by unknown What to do?

Personally advise no one give these invites out on Twitter Had two brand new invites Stolen Would love to trace those invite Numbers and find Elmo s trolls How bout it Jack?

Does this affect any invite code given to a friend.

Porfa @jordirico.bsky.social y demás buena gente que entendéis de estas cosas ¿podéis traducirlo a coloquial? Gracias

Pues no he usado apps de esas, pero creo entender que aplicaciones externas a las que dabas permisos podían acceder a tus códigos de invitación y robártelos, así que han capado el acceso de esas apps a los códigos.

Yo si he usado una para Twitter, para Bluski no pero creo que ya no lo haré, joder todo son sustos

What are app passwords, what are third party tools, please be more clear.

if you don't know, this post probably isn't for you, so don't worry about it!

It's a legitimate question, though. I just joined, and I also have the same question. Not a luddite either, just uninformed. Be gentle. Is there a link to a list of useful 3rd party apps that interface with BlueSky? Are they even worth using or are they all buggy/sucky since it's so early?

Thanks Kyle! Appreciate it! ❤️ So far, Bluesky is looking good for V1! 🔥

As a matter of fact, there is such a list, and documentation for the entire atprotocol, which Bluesky is based on. Here's the list of apps: atproto.com/community/pr... and here's where to start with the documentation: atproto.com/guides/overv...

and I wasn't trying to be exclusionary or gate-keepy, but I acknowledge my first reply may have come off that way. You're right, it is a legitimate question.

@ffo-nobooody.bsky.social du hatest aber die original App genutzt oder?

Joar denke schon

Don’t know what a third party tool is or where to find it. I no longer have access to main feed to ask someone. Also didn’t get an email.

Post