Do you know how 2FA is disabled without your consent on Lemmy.world?

  • @MrKaplanA
    25
    1 month ago

    Hi,

    this was unfortunately an error on our end.

    Please bear with us while we work on resolving this situation.

    • @MrKaplanA
      6
      1 month ago

      2FA has been restored for all LW users that had it enabled before and didn’t reactivate it on their own since.

      There will be an announcement posted later on explaining what happened.

      edit: announcement is out: https://lemmy.world/post/18503967

  • @[email protected]
    3
    30 days ago

    You should ask that in the community of your instance, not asklemmy. Asklemmy is not the support community.

  • walden
    3
    1 month ago

    Lemmy is beta software. One of the updates around the 0.19.0 mark (we’re up to 0.19.5 now, with 0.19.6 around the corner) changed the login stuff. I don’t remember the details, but instead of locking everyone out of their accounts, 2FA was disabled. The lemmy.world admins didn’t choose this, it’s just how the update worked.

    I don’t know what kind of communication or sticky posts were used during the upgrade, but I’m sure some people missed it, including OP.

    • @MrKaplanA
      8
      1 month ago

      this was not a Lemmy bug.

      • walden
        -2
        1 month ago

        Right. Not a bug, but a decision by the developers in order to upgrade the 2FA stuff.

        • @MrKaplanA
          11
          1 month ago

          this is a separate issue unrelated to the 0.19 update.

    • LightscriptionOP
      0
      1 month ago

      Ah, that must be it. 2FA is still a very good security feature to have.

      But there is nothing only you know that is still useful because a secret must be shared in order to be useful (unless you just have full disk encryption and then when it is unlocked and network connected, it is still vulnerable). In short, admins could change your password since you are not the sole admin of your own server but then you would have to have mass appeal to be “useful”, i.e. popular.

      In theory, Tim Cook might have a keybearer who could usurp the throne with all the proprietary OEM crypto keys that only the Company knows, but everyone knows who the CEO is and the keybearer could get in big trouble unless he had an army…

      Things can be changed on the server side and the network is not the same as the device: these are technology truths some people refuse to ever understand.