Discussions related to Infosec.pub

1128 readers

8 users here now

founded 1 year ago

MODERATORS

[email protected]

113

Please don’t enable 2FA (infosec.pub)

submitted 1 year ago by [email protected] to c/[email protected]

20 comments fedilink hide all child comments

2FA in lemmy doesn’t work reliably yet. Please don’t enable it or you will almost certainly get locked out.

Note: it makes me sad to post this.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago)

The 2FA process itself - both initial setup and use with an OTP provider - has worked consistently for me so far. The instruction in the interface is misleading and I'm not the only one who locked himself out as a result. The Mastodon devs merged my pull request to clarify the instruction (including my mistake of saying "oauth" instead of "otpauth") astonishingly quickly.

If I may be constructively critical, we should expect to provide provide at least some minimal evidence to justify claims such as one that something doesn't work, even if only as a link to discussion or evidence. This expectation increases when it's accompanied by advice or instruction, especially when such advice is counter to advice which is generally accepted as "good".

As @[email protected] mentions, a more serious problem of password reset via email disabling 2FA offers a workaround for now in at least some cases.