Is there a post saying they are aware?
darrsil
joined 2 years ago
Yeah, this just happened to me with Authy. Doesn't work with Authy, but it does work with Google Authenticator.
The fact that Lemmy doesn't require you to confirm the 2FA code before enabling it on your account is nuts. This needs to be fixed.
It may be an isolated incident, but it would have been avoided had Lemmy confirmed the 2FA code before enabling it on the account. Like standard practice.
Besides, this issue refutes your entire premise - that automated 2FA set up is flawless.
See this thread: https://lemmy.eus/post/190738
It's an issue with many different authenticators, and it's an issue with the way Lemmy sets up its 2FA and doesn't do a confirmation afterwards. This needs to be fixed.
That doesn't address the issue. Yeah, that makes setting up a code easy on your device - but the code still should be verified and confirmed as working by the website before 2FA is enabled on the account.
Case in point: I used your revered "automated 2FA key implementation" for Lemmy in Authy. It set up the account in my Authy list, and 2FA was supposed to be working. I opened an icognito tab, went to log in, put in my 2FA code and... it didn't work.
Luckily, I still had my settings open in my other window and was able to deactivate 2FA.
The code should be tested and confirmed by the site before it's enabled. Otherwise you can easily get locked out of your account. This is standard practice when implementing 2FA on websites.
Because you want to verify 2FA is set up correctly before you log in again. What if it isn't, and now you're locked out of your account with no backup code?
It may be automated on the OS end, but does it confirm back with the website to make sure the codes are the same?
Except you didn't confirm your 2FA codes to enable 2FA. You also don't have backup codes you can download.
It may have worked for you, but that doesn't mean it's working properly.
HP? Wunderground is owned by IBM.
I tend to use the Google built-in one (which is getting a revamp soon), but I also subscribe to Weather Channel. This is nice because if you subscribe on the web it gets rid of ads on all platforms - Android, iOS, and web. Sometimes there are issues where you have to log out and back in again, but it works.
Installing the PWA is simple (in Chrome). In the URL bar at the right side on the Lemmy homepage, you should see a little install icon that looks like a monitor with a downward facing arrow. Click that, and it will install the site like an app.
It has a PWA, use that to get the "app" feeling.
Not fixed, it's still happening.