What a way to start the day. I got a notification my Mastodon account was hacked. Well, not really my account, but the keys to an app I had authorized to post on the Mastodon timeline on my behalf. It turned out to be the app Mastochist or Mastodon Super Tools, which I had actually never heard of. When I searched the name of the app I got into an old copy of a page on the Internet Archive. This app lets you search for Twitter accounts on Mastodon, I think?

Anyway, it’s good to have regular reminders in your calendar or review schedule to check the apps you have authorized to act on your social accounts. On Mastodon, you can find this under Settings > Account > Authorized Apps. Remove the ones you haven’t used within a period of time you find suitable. Even better would be a setting that revokes the key when it hasn’t been used for x months. It would also be a great addition if authorized apps were required to provide a description and a home URL, and if both were shown in the list of authorized apps. When you have the opportunity to give an app granular access to your account, choose the least amount of access the app needs to work. Sometimes access to read your timeline is more than enough, and full access isn’t needed.