7
2FA Should Be Disabled As It Doesn't Work (lemmy.world)
submitted 1 year ago by packetloss@lemmy.world to c/support@lemmy.world
4 comments fedilink hide all child comments

The 2FA feature does not work, at least on this instance. I haven't tried it on other instances.

Enabling the 2FA option and refreshing the page generates a OTPAUTH link to add the TOTP code to an authenticator app of your choosing, which is fine. The problem is that the TOTP codes that the secret generates are not valid, and a user cannot login using the 2FA TOTP codes that are generated.

I have confirmed this on several different devices and authenticators.

Admins... it might be a good idea to disable this feature until it's working properly to avoid people getting locked out of their accounts because they can never provide a valid TOTP code.

all 5 comments
sorted by: hot top controversial new old
[-] C4d@lemmy.world 2 points 1 year ago

Either something is happening acutely, or there’s something atypical / different about your setup.

The feature has been present for a long time and multiple instances use it. If it failed regularly, the amount of complaints we would see here and on other instances, and the headache the dev and admin teams would have on the back of all the support tickets, would be inescapable.

[-] Sami@lemmy.zip 1 points 1 year ago* (last edited 1 year ago)

Try using KeePassXC. It works with that.

[-] packetloss@lemmy.world 4 points 1 year ago

I tried Google Authenticator, Bitwarden, Duo Authenticator, and Microsoft Authenticator. I also tried on mobile (Android) and on desktop.

In all cases the authenticator was giving me a 6 digit code, but the code was not valid. If I used the same secret on multiple authenticators they all gave me the same TOTP codes, which is expected, but the codes wouldn't work. So even though multiple authenticators are displaying the same TOTP code, the code the site is expecting doesn't match. Meaning the site is not using the secret it generated properly.

[-] Sami@lemmy.zip 1 points 1 year ago

Yeah I know it sucks. I tried some of those too but only KeePassXC worked for me.

this post was submitted on 11 Aug 2023
7 points (81.8% liked)

Lemmy.world Support

3191 readers
2 users here now

Lemmy.world Support

Welcome to the official Lemmy.world Support community! Post your issues or questions about Lemmy.world here.

This community is for issues related to the Lemmy World instance only. For Lemmy software requests or bug reports, please go to the Lemmy github page.

This community is subject to the rules defined here for lemmy.world.

To open a support ticket Static Badge

You can also DM https://lemmy.world/u/lwreport or email report@lemmy.world (PGP Supported) if you need to reach our directly to the admin team.

Follow us for server news 🐘

Outages 🔥

https://status.lemmy.world

founded 1 year ago
MODERATORS
ruud@lemmy.world
MrKaplan@lemmy.world
jelloeater85@lemmy.world
lwadmin@lemmy.world
Serinus@lemmy.world