I remind you that Lemmy.world has recently implemented the ability to enable two-factor authentication.
To enable it, go to your profile settings and find the 2FA button at the bottom. Once you click on “Save” the page will reload and you will have a new “2FA installation link” button that will allow you to save the authentication seed.
Remember to always save the seeds and/or QR codes of accounts with two-factor authentication. Many password managers like Bitwarden or KeePassXC allow you to save 2FA codes. However, this would mean that together with the credentials such as email and password there will also be 2FA creating a single breaking point which in some cases is not convenient.
An alternative is to use 2FA applications such as Aegis, FreeOTP, and others (I would avoid Authy because it requires a phone number) or use keys such as Yubikey and the like.
Please don’t use it for now! It doesn’t work at all!
But if it works I can recommend “ente authentication”, it’s open source and works great!
And for security reasons I would NOT recommend the seeds and/or QR codes as it adds a breaking point, because with those anyone can snoop your TOTP codes and steal everything.
Please don’t use it for now! It doesn’t work at all!
I’m not sure of the answer, I just tried to save the 2FA code using Aegis. To be precise:
- Samsung Galaxy S5 (good vintage)
- Android 6.0.1, patched 1 Apr 2017
- Aegis 2.1.3 (Play Store)
By importing the code and specifying the algorithm requested by Lemmy: SHA256, the import went correctly and I can access the account with the 2FA code.
But if it works I can recommend “ente authentication”, it’s open source and works great
Agree with you, in the post I mentioned others precisely because, fortunately, there’re many alternatives to manage 2FA suits. Both Aegis and FreeOTP are open source and usually, the ones I hear most recommended. Obviously, your choice is also completely correct, as long as the project is open source and above all maintained it can certainly be software to be evaluated.
And for security reasons I would NOT recommend the seeds and/or QR codes as it adds a breaking point
Still totally agree, as I wrote in “bold” in the post, it’s not advisable. However, we must bear in mind that each user has his own needs and therefore may prefer, for certain credentials, greater usability rather than greater security. We could extend this speech indefinitely, you don’t imagine on all the other social networks, blogs, sites, etc. where users insult each other about how to manage 2FA codes.
I absolutely want to avoid this, I don’t want another social network where I can dedicate passion and then only see users getting pissed off with each other.
As said, I agree with you, but in the end, the choice depends exclusively on the user and his needs.
PS: sorry if my tone may seem mean but it’s not at all, indeed I love to see that the community grows and that there are people like you and others who interact with each other! ❤️
Oh ok, so the link doesn’t work at all and you have to import the code manually? Because I clicked on the URL and I tried on Microsoft Authenticator, it added it and generated the code BUT the code was not correct. I will test another authenticator
Apparently with some authenticators the link provided by Lemmy will not be “formatted” according to the “rules” of the application that is used to store the 2FA codes (I’m just guessing and I’m not sure), but you can copy the button link “2FA installation link” finding something like:
otpauth://totp/Lemmy.world:[your name account]?secret=[your secret seed for 2FA]&algorithm=SHA256 etc
On Aegis I simply manually added a new element, copy [your secret seed for 2FA] and specify the SHA256 algorithm, all other parameters I left default.
But before logging out of your account, try for example on another browser or on a different device if everything works correctly, in my case it didn’t give me any problems, I hope that in the future Lemmy will make this easier.
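The link format discussed above, as an added example that is not part of the original thread: it parses an otpauth:// URI of that shape and computes the TOTP code (RFC 6238) both with the algorithm the URI requests and with SHA1, which is what an app would use if it ignored the `algorithm` parameter (an assumption for illustration, not a statement about any particular app). The account name `example_user` and the secret (the RFC 6238 SHA256 test key) are constructed sample values.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlsplit, parse_qs, unquote

ALGORITHMS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}

def parse_otpauth(uri):
    """Split an otpauth://totp/ URI into the fields an authenticator needs."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not an otpauth TOTP URI")
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    secret = q["secret"].replace(" ", "").upper()
    secret += "=" * (-len(secret) % 8)   # base32 decoding needs padding
    algorithm = q.get("algorithm", "SHA1").upper()   # SHA1 when the parameter is absent
    if algorithm not in ALGORITHMS:
        raise ValueError("unsupported algorithm: " + algorithm)
    return {
        "label": unquote(parts.path.lstrip("/")),
        "key": base64.b32decode(secret),
        "algorithm": algorithm,
        "digits": int(q.get("digits", 6)),
        "period": int(q.get("period", 30)),
    }

def totp(key, unix_time, algorithm="SHA1", digits=6, period=30):
    """RFC 6238 TOTP: HMAC over the time-step counter, then dynamic truncation."""
    counter = struct.pack(">Q", int(unix_time) // period)
    mac = hmac.new(key, counter, ALGORITHMS[algorithm]).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def compare(uri, unix_time):
    """Return (code as the URI requests, code if the app falls back to SHA1)."""
    p = parse_otpauth(uri)
    requested = totp(p["key"], unix_time, p["algorithm"], p["digits"], p["period"])
    fallback = totp(p["key"], unix_time, "SHA1", p["digits"], p["period"])
    return requested, fallback

# Constructed sample: RFC 6238 SHA256 test key, hypothetical account name.
SAMPLE_KEY = b"12345678901234567890123456789012"
SAMPLE_URI = ("otpauth://totp/Lemmy.world:example_user?secret="
              + base64.b32encode(SAMPLE_KEY).decode().rstrip("=")
              + "&algorithm=SHA256")

if __name__ == "__main__":
    requested, fallback = compare(SAMPLE_URI, 59)
    print("SHA256 (as requested):", requested)
    print("SHA1 (parameter ignored):", fallback)
```

The server only accepts the code computed with the algorithm it enrolled, so a quick check like this against the app's displayed code shows whether the app honoured `algorithm=SHA256` before you log out.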
Tried it, but didn’t work with Microsoft Authenticator (don’t judge me). Somehow the code I get is wrong.
I was afraid I got locked out of my account, but after a password reset you are logged in and can disable 2FA.
Microsoft Authenticator (don’t judge me)
Don’t worry, everyone is free to use any product and software they are comfortable with, the important thing is always to have a backup to avoid, as you said, being “locked out”! ☺️
Somehow the code I get is wrong
Anyway, I’m not sure but maybe you can try this, copy the link when you press the “2FA installation link” button, and you will have something like this: otpauth://totp/Lemmy.world:[your name account]?secret=[your secret seed for 2FA]&algorithm=[bla bla bla]
Copy [your secret seed for 2FA] and put it in the authenticator you use.
Unfortunately, I don’t use Microsoft Authenticator so I can’t verify but this can be a starting point for sure.
Thanks, I’ll try that on the desktop.
Doing it all from my phone is probably half the reason it didn’t work.