Hello, guys!

As mentioned in the server maintenance post, 2FA is now available with Lemmy 0.18.0. However, the implementation seems to be borked.

Issues right now
  • Instead of a QR code as usual, users will be presented with a button that opens a link
  • There’s no check whether or not the generated tokens work; 2FA is just being enabled without a prior safety check
  • This might be too complicated for non-tech-savvy users, and they’re effectively locking themselves out of their accounts
  • After copying the generated secret to Bitwarden, the generated TOTP tokens don’t seem to work anyway (didn’t try with Aegis, etc.)

You can track the GitHub issue here.

Temporary Solution

Even though I’m not happy about it, I’ll force-disable 2FA for now. If you enable it, it’s gonna jump back to disabled after a short amount of time.

Gonna update you guys when this is fixed. Thank you!
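
The second issue listed above (2FA being enabled without checking that the generated tokens work) is usually avoided by keeping a new secret pending until the user submits one valid code from their authenticator. The following is an added example of that flow using RFC 6238 TOTP, not Lemmy's code and not part of the original post; the `Account` class and its method names are hypothetical.

```python
import base64, hashlib, hmac, secrets, struct, time

def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for a base32-encoded secret."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))  # authenticator apps often drop padding
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                           # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Account:
    """Hypothetical account record: 2FA is enforced only once a code was verified."""
    def __init__(self):
        self.totp_secret = None     # active secret; login demands a code when set
        self.pending_secret = None  # generated, but not yet proven to work

    def begin_enrollment(self):
        # 160-bit random secret, shown to the user (QR code or text) but NOT active yet
        self.pending_secret = base64.b32encode(secrets.token_bytes(20)).decode()
        return self.pending_secret

    def confirm_enrollment(self, code, at=None, window=1, step=30):
        # Activate only if the user's app produces a matching code; allow
        # +/- `window` time steps to tolerate clock drift.
        if self.pending_secret is None:
            return False
        now = time.time() if at is None else at
        ok = any(
            hmac.compare_digest(totp(self.pending_secret, now + d * step).encode(),
                                str(code).encode())
            for d in range(-window, window + 1)
        )
        if ok:
            self.totp_secret, self.pending_secret = self.pending_secret, None
        return ok

if __name__ == "__main__":
    acct = Account()
    secret = acct.begin_enrollment()
    print("2FA active before confirmation:", acct.totp_secret is not None)
    print("confirmed:", acct.confirm_enrollment(totp(secret)))
    print("2FA active after confirmation:", acct.totp_secret is not None)
```

A user whose authenticator produces non-matching codes never gets past `confirm_enrollment`, so the account stays on password-only login instead of being locked out.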

  • Evoke3626@lemmy.fmhy.ml
    1 year ago

    This is kinda a huge deal, really great catch honestly. Most people have zero clue what your post even means, going to see a lot of people locked out because they didn’t catch this.