Fediverse

28318 readers

425 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Posts must be on topic.
Be respectful of others.
Cite the sources used for graphs and other statistics.
Follow the general Lemmy.world rules.

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 1 year ago

MODERATORS

ruud@lemmy.world

Xylinna@lemmy.world

MrCenny@lemmy.world

TragicNotCute@lemmy.world

automodbeta@lemmy.world

woelkchen@lemmy.world

2FA and You: Some tips for enabling 2FA (lemmy.world)

submitted 1 year ago* (last edited 1 year ago) by Rootiest@lemmy.world to c/fediverse@lemmy.world

32 comments fedilink hide all child comments

Given the recent attack, I think this is a good opportunity to remind of the importance of using 2FA.

(although it doesn't appear to make any difference in this case as session cookies were being exploited so login credentials were not needed)

But for me at least, this event has made me go back and take another shot at setting up 2FA.

I am happy to report I finally got it working on all my Lemmy accounts/instances, so I thought I'd share some tips:

I still haven't figured out how to set up via desktop, use a mobile browser.
Follow these steps:
- Check the enable 2fa box on your account settings and click Save
- A message will show about a button appearing when the page refreshes
- The button usually doesn't appear for me at first.
- You can simply manually refresh the page at this point to make the button appear
- The button should now be visible. Click the button.
- This opens a otpauth:// link which on a mobile device should be handled by a 2FA app if you have one installed.
Authy does not work: It will generate a code happily but that code will not work when you try to login to your Lemmy account.
Google Authenticator worked for me. It appears the type of TOTP code Lemmy is using is not compatible with some authenticator apps.

After several failed attempts previously, I finally figured out Authy was the problem and I have now secured all my Lemmy accounts with 2FA. Annoying that I have to use GA, but that appears to be an Authy issue not a Lemmy one.

2FA might not have made any difference today but it very well might in the future.

Stay safe everyone! 🔐

you are viewing a single comment's thread
view the rest of the comments

[–] clothes@lemmy.world 29 points 1 year ago (2 children)

It may not be wise to enable 2FA until Lemmy fixes the implementation. It's currently very easy to get permanently locked out of your account, through no fault of your own. Especially if you don't have an email address linked to your account.

[–] Rootiest@lemmy.world 2 points 1 year ago (1 children)

If you are concerned, I would suggest keeping another browser/device/etc logged in when trying to enable 2FA.
Then if the 2FA activation fails, you can use that second session (which does not get logged out when you enable 2FA) to then disable it again.

[–] clothes@lemmy.world 3 points 1 year ago

For sure! But I don't think non-advanced users should be enabling 2FA right now. It's puzzling that Lemmy pushed the feature in its current state to production.

[–] qwet@kbin.social 2 points 1 year ago (1 children)

This happened to me. I was going to try it and when I saw that the option wasn't what I expected, I intended to close it, but I guess either I didn't or it's buggy because it's enabled now and there's no encryption key, so no way to login. Then the server logged everyoner out cause of the hack. This was on lemmy.world, btw, I have an account on kbin too.

I sent an email, but no word yet obviously. I'm sure they're busy.

[–] clothes@lemmy.world 1 points 1 year ago

Jeez, that sucks. Hope you get back in soon!