I’ve added the secret key to my OTP app, but it never works. When I try to log in it just spins and stops - no message about what’s wrong.
I panicked when LemmyWorld logged out everyone and I couldn’t get back in, but luckily with a password reset I’m back in. Still, can anyone else get 2FA working?
I just tried again, and nothing.
Okay, I got it. I’m using Bitwarden and I was putting the exact secret key into the OTP field, not the full URI. After doing the full URI, it works. Hope this helps anyone else.
I didn’t know I could do that until checking the Bitwarden page: https://bitwarden.com/help/authenticator-keys/
The best practice when setting up 2FA would be for Lemmy to confirm a code before applying the change, to verify that OTP token generation is working as expected. It’s mildly dangerous to use 2FA on Lemmy in its current state due to the absence of that feature. Though as you note, password reset bypasses 2FA.
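
The two points in this thread, as an added example (not Lemmy's or Bitwarden's code): an `otpauth://` URI can carry `algorithm`, `digits` and `period` parameters that a bare secret drops, and a server can confirm one code before enabling 2FA. The URI and function names are constructed; the key and expected codes are the RFC 6238 test vectors, and the non-default parameters are an assumption for illustration, not a statement of what Lemmy issues.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs

# Constructed enrollment URI; the secret is the RFC 6238 SHA-256 test key in Base32.
URI = ("otpauth://totp/example.test:alice"
       "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZA"
       "&algorithm=SHA256&digits=8&period=30&issuer=example.test")

def parse_otpauth(uri):
    """Extract TOTP parameters, applying the Key URI format defaults when absent."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not an otpauth://totp URI")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    return {"secret": q["secret"],
            "algorithm": q.get("algorithm", "SHA1").upper(),
            "digits": int(q.get("digits", 6)),
            "period": int(q.get("period", 30))}

def totp(secret, now, algorithm="SHA1", digits=6, period=30):
    """RFC 6238 code for Unix time `now` (defaults are what a bare secret implies)."""
    s = secret.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    counter = struct.pack(">Q", int(now) // period)
    mac = hmac.new(key, counter, getattr(hashlib, algorithm.lower())).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def bare_secret_code(uri, now):
    """Code an app produces when only the secret is pasted and defaults are used."""
    return totp(parse_otpauth(uri)["secret"], now)

def confirm_enrollment(uri, submitted, now, window=1):
    """Server-side check before switching 2FA on: accept +/- `window` time steps."""
    p = parse_otpauth(uri)
    steps = (now + i * p["period"] for i in range(-window, window + 1))
    return any(hmac.compare_digest(
                   totp(p["secret"], t, p["algorithm"], p["digits"], p["period"]),
                   submitted)
               for t in steps if t >= 0)

if __name__ == "__main__":
    now = 59  # RFC 6238 test time
    print("full URI   :", confirm_enrollment(URI, "46119246", now))
    print("bare secret:", confirm_enrollment(URI, bare_secret_code(URI, now), now))
```

With a confirmation step like `confirm_enrollment`, the mismatch surfaces at setup time while the user is still logged in, rather than at the next login.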