this post was submitted on 09 Aug 2024
3 points (66.7% liked)

Security Operations

570 readers
1 users here now

A place for all things Cyber Security, from questions, rants, and stories, to the latest attacks, vulnerabilities, and zero days.

founded 1 year ago
MODERATORS
L3s
3
How can 2FA be disabled without permission and what can I do about it? (self.secops)
submitted 3 months ago* (last edited 3 months ago) by lightscription to c/secops
3 comments fedilink hide all child comments
 

I use FreeOTP+ which is supposed to be developed by people from the Fedora project and is protected by fingerprint on Pixel. I discovered that my 2FA was disabled on lemmy.world after I logged out and then logged back in a day later instead of just keeping the auth cookie active in Vanadium. Since 2FA is required to change settings, how was this accomplished and what can I do to ensure that it doesn't happen again?

top 3 comments
sorted by: hot top controversial new old
[–] MrKaplan 5 points 3 months ago (2 children)

This was unfortunately an error on our end.

Please bear with us while we work on resolving this situation.

[–] partial_accumen 3 points 3 months ago

That is very humble honesty and will continue to earn you trust from your users.

[–] MrKaplan 2 points 3 months ago* (last edited 3 months ago)

2FA has been restored for all LW users that had it enabled before and didn't reactivate it on their own since.

There will be an announcement posted later on explaining what happened.

edit: announcement is out: https://lemmy.world/post/18503967