this post was submitted on 09 Jul 2023
13 points (100.0% liked)

Backup


For backup enthusiasts and paranoids! Please always follow a 3-2-1 strategy 💾


I remind you that Lemmy.world has recently implemented the ability to enable two-factor authentication.

To enable it, go to your profile settings and find the 2FA button at the bottom. Once you click on "Save" the page will reload and you will have a new "2FA installation link" button that will allow you to save the authentication seed.

Remember to always save the seeds and/or QR codes of accounts with two-factor authentication. Many password managers like Bitwarden or KeePassXC allow you to save 2FA codes. However, this would mean that together with the credentials such as email and password there will also be 2FA, creating a single breaking point, which in some cases is not convenient.

An alternative is to use 2FA applications such as Aegis, FreeOTP, and others (I would avoid Authy because it requires a phone number) or use keys such as Yubikey and the like.

[–] Rooki 1 points 1 year ago* (last edited 1 year ago) (3 children)

Please don't use it for now! It doesn't work at all!

But if it works I can recommend "ente authentication", it's open source and works great!

And for security reasons I would NOT recommend the seeds and/or QR codes as it adds a breaking point, because with those anyone can snoop your TOTP codes and steal everything.

[–] nlogn 2 points 1 year ago (2 children)

> Please don't use it for now! It doesn't work at all!

I'm not sure of the answer, I just tried to save the 2FA code using Aegis. To be precise:

  • Samsung Galaxy S5 (good vintage)
  • Android 6.0.1, patched 1 Apr 2017
  • Aegis 2.1.3 (Play Store)

By importing the code and specifying the algorithm requested by Lemmy: SHA256, the import went correctly and I can access the account with the 2FA code.

> But if it works I can recommend “ente authentication”, it's open source and works great

Agree with you, in the post I mentioned others precisely because, fortunately, there're many alternatives to manage 2FA suits. Both Aegis and FreeOTP are open source and usually, the ones I hear most recommended. Obviously, your choice is also completely correct, as long as the project is open source and above all maintained it can certainly be software to be evaluated.

> And for security reasons I would NOT recommend the seeds and/or QR codes as it adds a breaking point

Still totally agree, as I wrote in "bold" in the post, it's not advisable. However, we must bear in mind that each user has his own needs and therefore may prefer, for certain credentials, greater usability rather than greater security. We could extend this speech indefinitely, you don't imagine on all the other social networks, blogs, sites, etc. where users insult each other about how to manage 2FA codes.

I absolutely want to avoid this, I don't want another social network where I can dedicate passion and then only see users getting pissed off with each other.

As said, I agree with you, but in the end, the choice depends exclusively on the user and his needs.

PS: sorry if my tone may seem mean but it's not at all, indeed I love to see that the community grows and that there are people like you and others who interact with each other! ❤️

[–] Rooki 2 points 1 year ago* (last edited 1 year ago) (1 children)

Oh ok, so the link doesn't work at all and you have to import the code manually? Because I clicked on the URL and tried it in Microsoft Authenticator, it added it and generated the code, BUT the code was not correct. I will test another authenticator.

[–] nlogn 1 points 1 year ago

Apparently with some authenticators the link provided by Lemmy will not be "formatted" according to the "rules" of the application that is used to store the 2FA codes (I'm just guessing and I'm not sure), but you can copy the button link "2FA installation link" finding something like:

otpauth://totp/Lemmy.world:[your name account]?secret=[your secret seed for 2FA]&algorithm=SHA256 etc

On Aegis I simply manually added a new element, copy [your secret seed for 2FA] and specify the SHA256 algorithm, all other parameters I left default.

But before logging out of your account, try for example on another browser or on a different device if everything works correctly, in my case it didn't give me any problems, I hope that in the future Lemmy will make this easier.