this post was submitted on 16 Jul 2023
111 points (95.9% liked)

2FA in lemmy doesn’t work reliably yet. Please don’t enable it or you will almost certainly get locked out.

Note: it makes me sad to post this.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago)

The 2FA process itself - both initial setup and use with an OTP provider - has worked consistently for me so far. The instruction in the interface is misleading and I'm not the only one who locked himself out as a result. The Mastodon devs merged my pull request to clarify the instruction (including my mistake of saying "oauth" instead of "otpauth") astonishingly quickly.

If I may be constructively critical, we should expect to provide at least some minimal evidence to justify claims such as one that something doesn't work, even if only as a link to discussion or evidence. This expectation increases when it's accompanied by advice or instruction, especially when such advice is counter to advice which is generally accepted as "good".

As @[email protected] mentions, a more serious problem of password reset via email disabling 2FA offers a workaround for now in at least some cases.