this post was submitted on 25 Jun 2023
5 points (100.0% liked)

Meta

1 readers
2 users here now

About

๐Ÿ—ž๏ธ FOSSware staff will post regular updates about this instance or other Fediverse topics in this community.


Rules

๐Ÿงพ General Instance Rules apply

Look at the side bar of the main feed.

๐Ÿ‘ฎ Only Staff Members can create Threads here

If you need help or want to ask a question, use /c/fossware_support. Thanks! ๐Ÿ˜ป


๐Ÿ”— Other Resources

founded 1 year ago
MODERATORS
 

Hello, guys!

As mentioned in the server maintenance post, 2FA is now available with Lemmy 0.18.0. However, the implementation seems to be borked.

Issues right now
  • Instead of a QR code as usual, users will be presented with a button that opens a link
  • There's no check whether or not the generated tokens work, 2FA is just being enabled without prior safety-check
  • This might be too complicated for non-tech-savvy users, and they're effectively locking themselves out of their accounts
  • After copying the generated secret to Bitwarden, the generated TOTP tokens don't seem to work anyway (didn't try with Aegis, etc.)

You can track the GitHub issue here.

Temporary Solution

Even though I'm not happy about it, I'll force-disable 2FA for now. If you enable it, it's gonna jump back to disabled after a short amount of time.

Gonna update you guys when this is fixed. Thank you!

top 4 comments
sorted by: hot top controversial new old
[โ€“] [email protected] 0 points 1 year ago (1 children)

Darn got locked out of my NSFW account, how much time I have to wait?

[โ€“] [email protected] 1 points 1 year ago

Hey, there. Sorry, this auto-unlocking mechanism only works on my instance, social.fossware.space. Maybe contact the admins of your instance to have them unlock your account?

[โ€“] [email protected] 0 points 1 year ago (1 children)

This is kinda a huge deal, really great catch honestly. Most people have zero clue what your post even means, going to see a lot of people locked out because they didnโ€™t catch this.

[โ€“] [email protected] 1 points 1 year ago

Excatly. I hope it's gonna be fixed soon, because 2FA is pretty necessary nowadays.