this post was submitted on 10 Jul 2023
103 points (98.1% liked)

Ask Lemmy

26991 readers
1268 users here now

A Fediverse community for open-ended, thought provoking questions

Please don't post about US Politics. If you need to do this, try [email protected]


Rules: (interactive)


1) Be nice and; have funDoxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them


2) All posts must end with a '?'This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?


3) No spamPlease do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.


4) NSFW is okay, within reasonJust remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either [email protected] or [email protected]. NSFW comments should be restricted to posts tagged [NSFW].


5) This is not a support community.
It is not a place for 'how do I?', type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email [email protected]. For other questions check our partnered communities list, or use the search function.


Reminder: The terms of service apply here too.

Partnered Communities:

Tech Support

No Stupid Questions

You Should Know

Reddit

Jokes

Ask Ouija


Logo design credit goes to: tubbadu


founded 1 year ago
MODERATORS
 

Is there anything I can do, or is that account lost forever now? Resetting the password doesn't work (natch). Not a huge deal, but it's upsetting because I was modding a community from that account. Any tips/contacts would be appreciated. Cheers.

*** update: as per commenters suggesting, tried resetting password for that account once again, and I was successfully able to log in, go to my settings, then remove 2FA, and all seems good now

top 23 comments
sorted by: hot top controversial new old
[–] [email protected] 21 points 1 year ago

I did the same thing on a different Lemmy instance, probably for the same reason. I just created a pull request to fix the broken instructions - pull 88.

Nothing is lost, but I'm quite sure that the instance admin will need to disable 2FA in your account for you to regain access, however I suspect that the lemmy.world admin is going to be busy for a while due to the recent exploit.

[–] bleph 7 points 1 year ago

My guess is admins should be able to fix it

[–] fzacq9td 6 points 1 year ago (3 children)

if you used an email to register you can still recover your account

[–] nostromorises 6 points 1 year ago

this worked, wasn't working last night, but worked just now was able to log in after resetting password, so to settings, and remove 2FA, thanks

[–] [email protected] 2 points 1 year ago

This helped me, thanks!

[–] xantonin 1 points 1 year ago

This worked for me. The password reset link will log you in, and you can then disable 2FA and try again.

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago)

Ah that sucks, was just talking about Lemmy's incomplete 2FA in a different post https://lemmy.world/post/1288267

You're right, unlike most websites/apps using 2FA Lemmy does not display a QR code.

You probably need to contact the admins for your Lemmy instance & see what they can do. (lemmy.world in your case)

[–] ChipsAHoey 6 points 1 year ago (1 children)

FWIW I found the string for 2FA if you right click open link in New window. Then you can read the string to import into an authenticator app from there. Had it generating codes but the codes wouldn't let me login on my app so I disabled for now. Hope they can fix this in the future.

[–] DannyMac 5 points 1 year ago

I tried to enable it and it didn't work... Luckily, I'm not locked out and was able to disable it.

[–] PsychicPsquirrel 5 points 1 year ago

Same thing happened to me. The link didn’t appear on mobile. After a password reset on a desktop browser, the 2fa link appeared.

[–] [email protected] 4 points 1 year ago

Always worth - whenever you change authentication settings - opening a new incognito tab and try signing in.
If it fails, hopefully your actual tab is still authenticated so you can disable/edit

[–] tallwookie 3 points 1 year ago (2 children)

I thought 2fa wasn't working correctly yet in 0.18.1

[–] [email protected] 2 points 1 year ago

Can you elaborate? I've got it enabled and working on my personal instance running 0.18.1. Is there an authentication check that isn't actually happening in the login flow or something?

[–] Kovu 3 points 1 year ago (1 children)

for some reason, which has to be fixed soon because it’s a huge security risk, you can log back into your account without 2fa after resetting your password via email

[–] Kovu 0 points 1 year ago

nvm, didn’t read the 2nd sentence lmao

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

This happened to me on my beehaw account when they first announced 2FA. The accounts are now gone for us. Just saw the edit... going to see if that works for me. I might be hosed though because I'm not sure I entered an email.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

tbh I'd be concerned that the devs would even think of pushing this kind of unfinished and broken feature to a live build

[–] [email protected] 1 points 1 year ago

FYI if this is because of the cross-site attack on Lemmy.world you should know 2FA will NOT help as the attacker accesses the JWT key directly which has already been signed in w/2FA. The only way to mitigate it is to use a native app and not the web or PWA version.

load more comments
view more: next ›