Kbin is a parallel project to Lemmy in the Fediverse, one which launched some months ago. Lemmy has been around a couple of years. Both Kbin and Lemmy structure content similarly to reddit’s subreddit topics, where Kbin calls them “magazines” and Lemmy calls them “communities.” Topic threads are nested chains of comments and replies with inline media and a 10k character limit. Instances of Kbin and Lemmy can and do interact, with users from either community participating transparently in posts and discussions.
In a technical sense, Kbin is implemented in PHP, where Lemmy is implemented in Rust.
Kbin is also able to interact more closely with Mastodon instances, users and content. With an account on a Kbin instance, you can follow, boost and reduce Mastodon content, in addition to up voting or down voting it.
Kbin also natively displays a user reputation score which is similar to reddit karma, as the net value of boosts less reduces. Up and down votes are (seemingly) not tracked in the aggregate. Lemmy does not expose these stats in the default UI, though there are API endpoints that return this dats
A final distinction (at least that I know about) is that Lemmy exposes an API for 3rd party access and supporting 3rd party apps. Kbin does not yet have a pu loc API, though I understand that one is under development and is currently under review.
So to answer your question: no, i don’t believe there are no apps for Kbin yet, but app developers have indicated their intent to support Kbin when it is more mature.
Clipboards (the buffer where copypasta is stored) are a weak link in security because ANY app can expect access to it. If there is malware on your system it generally has access to the clipboard buffer, and therefore any credentials you might paste.
“OK, but usually you only paste the password and type the username?”
Quite true. Keyloggers are also a thing and easy to install on desktop OS, maybe harder on mobile.OS.since (at least on android) you need to grant permissions for keyboard apps. Either way if a keylogger is installed then you’re fucked.
It boils down to a bad risk assessment. Those services decided memorized credentials must be manually typed to prevent clipboard snooping at the (likely) cost of reduced password entropy and/or weak MFA (e.g., SMS or email based TOTP). In other words: stupid CISOs.