Right now, 2FA is half-baked. You can enable it and it gives you a link to sync it to an authenticator app, which only works on mobile. But there’s no confirmation required to enable it, so you may think it’s working with your code but it doesn’t take. This will lock people out of accounts.

It really should be disabled until it’s fully fleshed out. In the meantime, give us the option to send 2FA codes to the verified email on file.

UPDATE: Read this post here: https://lemmy.sdf.org/post/405431

It’s clear that the Lemmy implementation of 2FA is flawed as it a) doesn’t work with all authenticator apps, and b) doesn’t verify the code is working before it enables 2FA on the account.

It needs to be disabled until this is fixed.

You are viewing a single thread.
View all comments View context
1 point

In iOS, the activation of 2FA is an automated process, eliminating the need for a separate 2FA code to confirm its enablement.

I agree with your observation regarding the unavailability of backup codes for download.

permalink
report
parent
reply
2 points

It may be automated on the OS end, but does it confirm back with the website to make sure the codes are the same?

permalink
report
parent
reply
-2 points

You can easily verify if 2FA is set up correctly during your next login. I’m having trouble identifying the problem in this situation.

permalink
report
parent
reply
3 points

Because you want to verify 2FA is set up correctly before you log in again. What if it isn’t, and now you’re locked out of your account with no backup code?

permalink
report
parent
reply

Lemmy.world Support

!support@lemmy.world

Create post

Lemmy.world Support

Welcome to the official Lemmy.world Support community! Post your issues or questions about Lemmy.world here.

This community is for issues related to the Lemmy World instance only. For Lemmy software requests or bug reports, please go to the Lemmy github page.

This community is subject to the rules defined here for lemmy.world.

To open a support ticket


You can also DM https://lemmy.world/u/lwreport or email report@lemmy.world (PGP Supported) if you need to reach our directly to the admin team.


Follow us for server news 🐘

Outages 🔥

https://status.lemmy.world



Community stats

  • 174

    Monthly active users

  • 822

    Posts

  • 6K

    Comments