Some older, inactive Mastodon accounts are being turned into spam accounts.

Every account I've checked has been in the database, i.e. the spammers are using breaches from other websites and randomly trying e-mail/password combinations to get access to those accounts, insert spam links in the bio and start following people.

An exceptionally simple defence against this happening to you is using two-factor authentication. Check your account settings to see how to enable it.


On a more fundamental level, you should not be using the same password on different websites, and you should use a password manager like KeePass to generate and keep track of the passwords.

@Gargron The problem is keeping track of environments. Is keepass for Windows (Edge), Google (Chrome), Apple (Safari)? For computers, tablets, phones? Or do we have to choose alternative password managers for each? At the end of the day, having the same password for the accounts I use the most is just quick and simple.

@DrunkenWolf keepass has a desktop application for windows, and a phone app for apple called minikeepass, however, as far as I know, there is no android phone app, and you will have to manually transfer the password database

@keearis I figured as much. Wish it was as simple as one universal thing called keepass that you can apply to any device you're using. But that's just not reality.

@DrunkenWolf I think that’s what keepass is trying to do, but hasn’t quite achieved. If you want to read more about it, here’s the site

@DrunkenWolf @keearis
- KeePassXC (Win, Mac, Linux)
- KeePassDX (Android)
- KeePass Touch (iOS)

keep your database synced with something like dropbox or syncthing

nonfree but more convenient alternative: enpass ($10/life to use more than 20 passwords on mobile, but otherwise unlimited, works on basically every platform and includes browser extensions, also includes one-time passcode generation for 2FA, autofill with a click)

That is no excuse. Some form of Keepass is available for virtually any platform

@frainz @Gargron I can use password managers in general, but my issue is, let's say I have an iphone. I let Keychain generate my passwords and save them. But then I go home and I just happen to have a windows laptop. Now what? I use my iphone like it was a computer, so everything is in Keychains. Do I really have to manually pass over all usernames and passwords from iphone to whatever password manager Windows uses? Laziness will be my downfall.

Many people use nextcloud to sync their databases. Or if you're really lazy, you can use something like bitwarden with built-in sync

@frainz Hmmm... I'll look into that. nextcloud is easy to remember... bitwarden not so much lol.

@DrunkenWolf @frainz I recently switched from LastPass to Bitwarden. It's great. Yes, maybe lazier than syncing your database file yourself, but it's great. And I legit have over 600 saved accounts, and every one has a different password.

@DrunkenWolf @Gargron There are versions of KeePass for Windows, Linux, Android, iPhone, macOS, and plugins for all major browsers, including Firefox, Chrome and Safari. You just need to sync your database between all your devices. More info: There are also online password managers, and some of them are open source and can be self-hosted, like Bitwarden. Really, there is no real excuse for using the same password!

@berberjs @Gargron Ok, Ok you win. There really is no excuse... I lied. I'll just keep blaming it on the liquor :)

@DrunkenWolf @Gargron The nice thing about Keepass and KeepassXC is that they make use of a common storage format that's supported by a great bunch of apps.
So there are apps for nearly all platforms that can read your password database. And the desktop program *can* be integrated but doesn't have to, as it also works well without that due to so-called "AutoType".

@schmittlauch I was thinking more along the lines of having a password manager generate passwords for the user and saving them. I believe Keychains for the macbook does this. But then that's only within apple products. To be honest I haven't used it to see what happens if I tried to sign in to the same accounts on Edge or Chrome.

@schmittlauch I guess the best thing for me right now is just to stick to one environment and apply that to all my devices. So if it's apple then it's macbook, iphone, ipad, imac etc., and save myself the headache.

@DrunkenWolf If that wasn't clear: The same works with the Keepass ecosystem. You generate passwords and store them into an encrypted file.
This file can be read by various programs and apps for your desktop or mobile. You just have to sync the file between devices, e.g. via Nextcloud, Dropbox or other services.

@DrunkenWolf so while you may have different apps for different environments, they all can use the same password data.
And the different apps can specialise better for each environment than a single cross-platform app could do.

@DrunkenWolf @Gargron is a fork of Keepass that is available on Mac, Windows and Linux and is sync-able with and other services.

It is connectable to most browsers, is actively maintained and is a quality build.

@DrunkenWolf you can use the same password with variations. For example mypassword-forgoogle, mypassword-formastodon, mypassword-forapple, ... Then you only need to remember your single password and your scheme.
(In this case, [password] `dash` for[website])

@DrunkenWolf @Gargron LastPass works for Linux, MacOS, Windows, iOS, and Android! As a mostly Linux user, I always look for things that are fully cross-platform.

@dheadshot KeePass is a program that stores passwords in an encrypted file on your machine behind a master password (the only password you need to remember henceforth)

I prefer EnPass. It supports sync between multiple platforms and browsers, and the encrypted wallet file can be stored on my own cloud.

@Gargron I prefer Bitwarden. It's FOSS and works on every modern browser, as well as Android and iOS.

@popekingjoe I’ve been using 1Password to manage my family’s passwords, but since I’m trying to move to self-hosted services Bitwarden makes more sense! Thanks for the suggestion!

@ahyoussef no problem! I switched to it from LastPass months ago and I love it. Works everywhere I use it better than LastPass did and doesn't nag you about its premium tier.

@popekingjoe @Gargron I totally agree here - Bitwarden is a much better option for most people, especially less technical folks. The free tier they offer on their own hosted product is super generous in comparison to others, too, more than enough for most uses.
