this post was submitted on 27 Nov 2023
474 points (96.7% liked)
Announcements
23319 readers
1 users here now
Official announcements from the Lemmy project. Subscribe to this community or add it to your RSS reader in order to be notified about new releases and important updates.
You can also find major news on join-lemmy.org
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I seem to have been screwed over by TOTP.
Hearing that this update was supposed to make borking your account harder to do when setting it up, I enabled it. Put the secret in my authenticator app, got my six digit code, and away I went.
Now, a few days later, having changed nothing on my end, Lemmy.ml won't accept my TOTP code. My session token on desktop is expired so I can't remove it now.
Currently my only lifeline to this account is my logged in session in Voyager, which, as far as I can tell, cannot access the TOTP setting. (Or any profile setting, for that matter... am I just stupid?)
No email to recover from, either. That's on me, I guess. Ugh.
Not sure what my recourse is, if I even have any.
Have you tried logging in through other apps to see if they’ll take your TOTP?
Connect, Sync, and Boost all told me to go kick rocks.
Evidently, whatever happened, it doesn't seem to be an issue with your platform.
Ok, and you’re getting a new 6-digit code from your authenticator app every time you attempt to log in?
Yes.
I noticed my authenticator app (KeePassXC) offers the ability to customize the TOTP parameters (SHA function, time step, code size). But no combination of settings seems to produce a valid code.
I assume Lemmy uses the suggested defaults in the RFC 6238 standard?
I think using an authenticator app capable of generating codes using SHA256 might do the trick if you have any possibility to try that.