4
PSA: 2FA Issues with Lemmy (social.fossware.space)
submitted 1 year ago by NettoHikari@social.fossware.space to c/fossware_meta@social.fossware.space
2 comments fedilink hide all child comments

Hello, guys!

As mentioned in the server maintenance post, 2FA is now available with Lemmy 0.18.0. However, the implementation seems to be borked.

Issues right now
  • Instead of a QR code as usual, users will be presented with a button that opens a link
  • There's no check whether or not the generated tokens work, 2FA is just being enabled without prior safety-check
  • This might be too complicated for non-tech-savvy users, and they're effectively locking themselves out of their accounts
  • After copying the generated secret to Bitwarden, the generated TOTP tokens don't seem to work anyway (didn't try with Aegis, etc.)

You can track the GitHub issue here.

Temporary Solution

Even though I'm not happy about it, I'll force-disable 2FA for now. If you enable it, it's gonna jump back to disabled after a short amount of time.

Gonna update you guys when this is fixed. Thank you!

top 2 comments
sorted by: hot top controversial new old
[-] Evoke3626@lemmy.fmhy.ml 0 points 1 year ago

This is kinda a huge deal, really great catch honestly. Most people have zero clue what your post even means, going to see a lot of people locked out because they didn’t catch this.

[-] NettoHikari@social.fossware.space 1 points 1 year ago

Excatly. I hope it's gonna be fixed soon, because 2FA is pretty necessary nowadays.

this post was submitted on 25 Jun 2023
4 points (100.0% liked)

Meta

1 readers
2 users here now

About

🗞️ FOSSware staff will post regular updates about this instance or other Fediverse topics in this community.

Rules

🧾 General Instance Rules apply

Look at the side bar of the main feed.

👮 Only Staff Members can create Threads here

If you need help or want to ask a question, use /c/fossware_support. Thanks! 😻

🔗 Other Resources

founded 1 year ago
MODERATORS
NettoHikari@social.fossware.space