I just read on /r/the_donald about a new reader for this site that persists your authentication credentials.
While this person could have the best of intentions and is just trying to be helpful. Please understand this is a security concern for those who wish to maintain the integrity of your user credentials. As a 25 year software engineering professional with a background in security. If I was inclined to spoof your user account, I would build a kick ass app you could not resist.
Please, be patient. Only use readers or apps that this website has approved and verified safe.
Mods, it is perfectly acceptable to request source code and put these apps through a code review process to verify proper conditions are met. If you need help with identifying these potential issues issues feel free to reach out to me and I will provide a resume, work history and references.
Please, please, please refrain from authenticating to this site via a third party app.
Please support this message by pushing it to the top or have mods put out a sticky notification
*Edit: Fixed auto-correct spelling (protein tips =/= potential)
Are you talking about my app? It's a browser inside an app with a menu on the side. I can send you the code if you're skeptical of it
It could be. Again, I am not saying your app is dangerous or malicious in anyway. Please don't take it that way. I encourage you to reach out to mods and get everything checked out and verified. If I recall - you suggested you have already done this. I have no reason to believe you did not do excellent work. My only concern is there are a lot of bad guys who want nothing more to see this site get infiltrated. This will be the first way they try to spoof a mod account through a phishing app requesting credentials through their reader as a proxy.
This is merely a paranoid security architect trying to warn the public how not to get spoofed.
Thank you for your enthusiasm
Pessimistic by policy, optimistic by attitude. It is the best way to be these days.
The younger ones only want to use mobile apps these days and use the same passwords for everything. Rotate your passwords regularly people. Don't be lazy online and then expect your personal information to be secure. 123456, is not a password, it is an open door. Also the same for banking pins.
And use two-factor authentication with every app that supports it!
If deployed correctly, your password could be 12345, and it would still be incredibly protected by a 2nd authenticator.
If WoW players have been using one from early on to protect their virtual shit, everyone should be protecting your banking and privacy the same way.