When I click the set up 2FA thing in the account settings I then see the following

That button contains a link with a secret key, and some other things. What am I supposed to do with it? I want to set the 2FA up to use my authenticator on my phone.

  • Monologue@lemmy.zip
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    1 year ago

    the way 2fa works is that there is a “seed”, the secret key that you mentioned. this is what will be creating the timed codes. in most applications this will be converted to a qr code for ease but you can still import it to your app of choice or use an extension to convert it to a qr code like @wigglingwalrus@lemm.ee said

    if you are interested here is a good video about it

  • lazyvar@programming.dev
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    1 year ago

    Current 2FA implementation in Lemmy is a bit janky with the risk of being locked out.

    First things first: DO NOT UNDER ANY CIRCUMSTANCES LOG OUT UNTIL YOU’RE 100% SURE YOUR AUTHENTICATOR WORKS AND THAT YOU CAN LOGIN USING ITS GENERATED 2FA CODE

    Now that that’s out of the way, here are some steps to follow:

    1. Ideally clicking on that button will open your authenticator which will then prompt you to select login credentials to attach it to; if it doesn’t and you instead are lead to a URL with a secret key or if you right click and you can copy that URL, then you need to manually copy the URL and paste it in the 2FA section of your authenticator or password manager
    2. Once you’ve figured this out don’t log out, instead open a private browser window and test to see if you can login with your credentials + 2FA

    If you can’t get it to work then you can disable it in the window you’re still logged into.

    If you share which authenticator you use, people might be able to give you more specific instructions to get you through step 1.

    Whatever you do, don’t log out. You will be locked out!
    Unlike most common implementations, there is no built in step to verify if you can successfully generate a TOTP before 2FA is fully enabled.