this post was submitted on 06 Oct 2024
52 points (90.6% liked)

My phone with 2FA codes has died... again... for the 3rd time in something over 2 years (average Poco X3 Pro experience).

I've used the Cisco Duo app, mainly for the convenience of automatic backups. After all, this has saved me the last time my main phone died. Connect GDrive, download DB, enter passphrase to decrypt, there you go.

I've turned on my still barely functioning 2017 Moto G5s Plus. There I had the Duo app. Upon opening it says something along the lines of "Device offline, showing on-device accounts only."
How does that read to you? Auto-sync, I thought.
I connected to the internet, refreshed the app, nothing. I go to settings, check the backup... horror!
"Last backup: October 6th 12:06"
I opened the app at 12:06.

Why would you update the backup if it has a more recent timestamp than the current version?
"Hmm... this phone last backed up in 2023, most recent backup on cloud is 2024, yep, OVERWRITE IT WITH 2023 VERSION!!"

Hmm... this also means I've lost access to my Cisco NetAcad school account...

Welp, lesson learned, switching to Aegis.

Since disabling TOTP requires a TOTP token, I have no way to disable it. I hope the instance admin can, but SDF has far more important shit to care about.


I am thinking of getting something crazy like the Ulefone Armor 24 brick. It lacks things like 5G, stereo speakers, and 4K video recording, but I can afford it and have it shipped tomorrow morning.

[–] anas 12 points 2 months ago* (last edited 2 months ago) (2 children)

Sorry about that, but thank you for this post, I had no idea Lemmy finally implemented 2FA.

EDIT: On second thought, there actually is no way to generate a recovery code, so I think I’ll wait a little longer.

[–] [email protected] 5 points 2 months ago (1 children)

recovery code tip: just save the secret it gives you and then you can put it in another app

[–] anas 2 points 2 months ago

That’s actually not a bad idea, thank you!

[–] [email protected] 2 points 2 months ago* (last edited 2 months ago) (1 children)

OK, I recovered it. It seems Lemmy (at least 0.19.3) has no rate limiting for trying 2FA codes.

Edit: Fixed typo (seem -> seems)

[–] anas 3 points 2 months ago

Oh, this doesn’t sound very secure
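
The two technical points raised in this thread, as an added example (not Lemmy's code and not posted by any commenter): a TOTP code is computed only from the saved secret and the clock, which is why keeping the secret works as a recovery route, and a server-side check can cap failed guesses per account. The `ThrottledVerifier` class, its thresholds and the sample secret (the RFC 6238 test key) are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, struct

# Constructed sample: the RFC 6238 test key, base32-encoded as an app would store it.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1): depends only on the secret and the clock."""
    key = base64.b32decode(secret_b32.upper())
    mac = hmac.new(key, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class ThrottledVerifier:
    """Hypothetical server-side check that locks an account after repeated misses."""

    def __init__(self, max_failures=5, lockout_seconds=300):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._state = {}  # account -> (consecutive failures, locked-until time)

    def verify(self, account, secret_b32, code, now):
        failures, locked_until = self._state.get(account, (0, 0))
        if now < locked_until:
            return "locked"  # the guess is not evaluated at all during lockout
        # Accept the current 30 s step and one either side to absorb clock drift.
        valid = any(
            hmac.compare_digest(totp(secret_b32, now + d * 30).encode(), code.encode())
            for d in (-1, 0, 1)
        )
        if valid:
            self._state.pop(account, None)
            return "ok"
        failures += 1
        if failures >= self.max_failures:
            self._state[account] = (0, now + self.lockout_seconds)
        else:
            self._state[account] = (failures, 0)
        return "invalid"

if __name__ == "__main__":
    now = 1111111109  # timestamp from the RFC 6238 test vectors
    print("two apps holding the same secret agree:", totp(SECRET, now), totp(SECRET, now))
    guard = ThrottledVerifier(max_failures=3)
    for guess in ("not-1", "not-2", "not-3", totp(SECRET, now)):
        print(guess, "->", guard.verify("alice", SECRET, guess, now))
```

With a six-digit code and a three-step acceptance window, the lockout is what keeps the number of guesses per window small; the state here is in memory only, so a real deployment would persist it.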