Hi, I want to add 2FA to my account but activating it won’t trigger my keepass app, I can see the setup code on URL which I can use it with keepass to generate tokens but website expects me to follow link so please add a manual activation for 2FA

  • @marswarrior
    link
    English
    1
    edit-2
    1 year ago

    I use keepassXC on linux.

    Copy the secret key from the url.
    otpauth://totp/Lemmy.world:username?secret=xxxxxxxxxxxxxxxxxxxxxxxxx&algorithm=SHA256&issuer=Lemmy.world

    Paste that here:

    I tried all this, I did get keepass to provide the 2FA code, but lemmy won’t accept it. I had to reset my password so I can get back in.

    • @eekrano
      link
      English
      11 year ago

      Same here. I added it to Keepass, then opened a private browser and tried to log in and it wouldn’t take it. So one of 2 things:

      1. Most sites have you enter a code to validate that you have it right before applying the changes to your account - I did not get this in Lemmy
      2. They simply don’t validate that you have 2FA set up correctly by asking you for a code prior to actually enabling it on your account and the log in with 2FA is broken.

      I went ahead and removed 2FA so I wasn’t locked out of my account if I get logged out somehow until this is fixed.

      • @marswarrior
        link
        English
        11 year ago

        Yeah I think it’s just not working correctly yet. 2FA should be removed until it’s fixed. I doubt the admins can remove it. Only the lemmy devs can.

    • ggnoredoOP
      link
      English
      11 year ago

      yes exactly the same issue i tried to decribe

  • @PriorProject
    link
    English
    1
    edit-2
    1 year ago

    I wouldn’t use 2fa until it requires a successful code check on setup, at this point you won’t know whether you’ve successfully enabled 2fa or locked yourself out until you next try to log in.

    See https://lemmy.eus/post/190738 for details.

  • Archerofyail
    link
    English
    11 year ago

    Yeah, I don’t know why they wouldn’t just generate a QR code that you can scan with your phone or give you the secret in text, like every other website does.