this post was submitted on 24 Jun 2023

If you're like me, you're accustomed to setting up 2FA by having 1Password detect a QR code on-screen, but this doesn't work with Lemmy's 2FA since it never displays a QR code. Here's what you should do instead.

Start in Lemmy by enabling 2FA in your settings. When you save, scroll down again to the bottom of your settings. You'll now see a 2FA installation button. My first inclination was to click this button, but my Mac wanted to open it in the macOS keychain instead of 1Password. Instead, right-click the button and copy the link. (It's styled as a button, but it's really just a plain link.)

Now, in 1Password, add a one-time password field to your Lemmy login. Paste the URL you copied from the button into the one-time password field. Save the login, and you should now see the one-time password displayed in 1Password.

You're actually done at this point. One thing that threw me off is that Lemmy's 2FA does not require a code validation step like many 2FA systems do. I validated it manually by logging out and logging back in. Lemmy asked me to enter the 2FA code, and I was able to copy/paste it from 1Password to log back in.

Hope this helps others who are confused like I was!

top 3 comments
[–] bdonvr 3 points 1 year ago

On mobile it opened it right up in Authy

Unfortunately it didn't seem to actually work since it rejected my codes every time.

Luckily setting up 2FA doesn't log you out of other sessions (which it should, for security). So I could open Lemmy on my PC and disable 2FA there.

Definitely a WIP.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

On iOS the default is Keychain, but on Android we can select the authenticator preference. That is quite a strange experience. I would prefer that when we want to set up TOTP it shows the barcode and we can scan it manually, like Gmail or Outlook, and that is fine.

[–] [email protected] 1 points 1 year ago

Thanks for the detailed post.

I encourage those of you who use your password manager for 2FA to consider that by having your second factor together with the password, they can both become compromised at the same time. Storing your second factor separately, e.g. using a different app with a different password, could help if your password manager database ever gets compromised, because then the attackers would only have access to your password, not your 2FA codes too.
