this post was submitted on 10 Jul 2023
103 points (99.0% liked)

Lemmy.ca's Main Community

2814 readers
1 users here now

Welcome to lemmy.ca's c/main!

Since everyone on lemmy.ca gets subscribed here, this is the place to chat about the goings on at lemmy.ca, support-type items, suggestions, etc.

Announcements can be found at https://lemmy.ca/c/meta

For support related to this instance, use https://lemmy.ca/c/lemmy_ca_support

founded 3 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
103
UI updated to 0.18.2-rc1 (lemmy.ca)
submitted 1 year ago by [email protected] to c/[email protected]
37 comments fedilink hide all child comments
 

Heads up that we've bumped the UI up to 0.18.2-rc.1, which should resolve the current exploit that was seen on lemmy.world.

We've also logged out all currently logged in users as part of it, so you'll need to login again.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 year ago (1 children)

Same. Click the link button and nothing happens.

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago) (1 children)

The link starts with otpauth://, which will likely do nothing on desktop. Either click on it from a mobile device, or on desktop you can use an addon like Offline QR Code Generator (Firefox), then right-click the link and select QR code from link. This will show a QR code you'll be able to enroll in any TOTP app. Hopefully they'll add an option to display a QR code when using the desktop interface in newer versions of Lemmy.

[–] [email protected] 2 points 1 year ago (2 children)

Can I copy the link it generates and put it directly into my app that handles 2FA? (1password). Thought about trying it, but I didn’t see any recovery codes and am not keen on getting locked out.

[–] [email protected] 8 points 1 year ago* (last edited 1 year ago) (1 children)

This worked for me in Bitwarden: note since Lemmy 2FA uses SHA256 you have to copy/paste the entire link and not just the secret token. If you copy/paste just the secret token most password managers with TOTP generation have it defaulted to SHA1.

[–] [email protected] 3 points 1 year ago

Good shit. Appreciate ya.

[–] [email protected] 1 points 1 year ago

Worth noting that turning on 2FA doesn't log you out of your current session so you have the opportunity to turn it back off again if you can't copy it over in this way.