this post was submitted on 02 Jul 2023
6 points (100.0% liked)

Chat


If you go into your account settings you'll see a shiny new 2FA setup option. Once you check the box and reload, there will be a button there to link your default 2FA application.

Now, for Safari users on macOS who don't use Apple Keychain for your 2FA but rather a 3rd-party app like 1Password or Bitwarden, things are a little tricky. In order to get around linking it directly to Keychain you can right-click the 2FA link and choose "inspect element." Scroll down slightly and you'll see that element highlighted in the new element window. Right-click the highlighted area and select "copy link." That's the 2FA code, which you can then paste into any 3rd-party password manager.

top 6 comments
[–] Lionir@beehaw.org 2 points 1 year ago (2 children)

Please be very careful doing so. It's very easy to get locked out doing this.

[–] DrWeevilJammer@lm.rdbt.no 1 points 1 year ago

Yes. Lemmy 2FA uses SHA256 TOTP digests, which are newer (and better) than the SHA1 digests used as default by most authenticator apps.

Critically, Lemmy will not have you verify that the generated TOTP code works before locking it in, nor will it give you backup codes.

You should check the documentation of your authenticator app to see if any changes need to be made in the app prior to adding Lemmy 2FA.

If your app only supports SHA1, or you fail to follow your app's procedures to add an SHA256 digest, and you add the 2FA token generated by Lemmy, you're not getting back into that account.

Link to GitHub issue about this
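A way to check the digest mismatch described in the comment above, as an added example that is not part of the original thread or of Lemmy's code: a reference RFC 6238 implementation that reads an enrollment link and tells you whether the code your app displays was computed with the declared algorithm or with SHA1. It assumes the copied 2FA link is a standard `otpauth://totp` URI with an `algorithm` parameter; the function names and the sample URI are constructed for illustration.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlparse, parse_qs

HASHES = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}

def parse_otpauth(uri):
    """Return (secret_bytes, algorithm, digits, period) from an otpauth://totp URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not an otpauth://totp URI")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    b32 = q["secret"].replace(" ", "").upper().rstrip("=")
    b32 += "=" * (-len(b32) % 8)               # apps often strip base32 padding
    alg = q.get("algorithm", "SHA1").upper()   # SHA1 is the default when omitted
    if alg not in HASHES:
        raise ValueError("unsupported algorithm: " + alg)
    return base64.b32decode(b32), alg, int(q.get("digits", 6)), int(q.get("period", 30))

def totp(secret, algorithm, digits, period, at):
    """RFC 6238 TOTP: HMAC over the time-step counter, then dynamic truncation."""
    counter = struct.pack(">Q", max(0, int(at)) // period)
    mac = hmac.new(secret, counter, HASHES[algorithm]).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def check_enrollment(uri, app_code, at=None):
    """Classify the code an authenticator app shows for this enrollment URI."""
    secret, alg, digits, period = parse_otpauth(uri)
    at = time.time() if at is None else at
    steps = (at, at - period, at + period)     # tolerate one step of clock drift
    if any(hmac.compare_digest(app_code, totp(secret, alg, digits, period, t)) for t in steps):
        return "ok"
    if alg != "SHA1" and any(app_code == totp(secret, "SHA1", digits, period, t) for t in steps):
        return "app-ignored-algorithm"         # app silently fell back to SHA1
    return "mismatch"

if __name__ == "__main__":
    # Constructed sample: RFC 6238 Appendix B test key for SHA256, not a real account.
    key = base64.b32encode(b"12345678901234567890123456789012").decode().rstrip("=")
    uri = "otpauth://totp/example.invalid:alice?secret=" + key + "&algorithm=SHA256&digits=8"
    print(check_enrollment(uri, "46119246", at=59))
```

A result of `app-ignored-algorithm` means the app computed its code with SHA1 even though the link declares another digest, which is the lockout case the comment warns about.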

[–] communication@beehaw.org 0 points 1 year ago (1 children)

Is that because it's implemented poorly, or are you giving a standard warning about 2FA?

[–] African_Grey@beehaw.org 0 points 1 year ago (1 children)

It’s not implemented well because it adds it to your account immediately without needing to confirm the code. This means if the user doesn’t know what they’re doing they could add 2FA and not copy the code correctly to their password manager resulting in a lockout.

[–] communication@beehaw.org 1 points 1 year ago (1 children)

Ouch! Might be wise to put a warning in your post.

[–] can@beehaw.org 1 points 1 year ago

Or even an edit to the title.