• @blakestaceyA
    link
    English
    41 year ago

    Posted in the account requests (I just approved it):

    HELP: I enabled two-factor authentication on my other account, sneak, and when I logged out, the TOTP doesn’t work. The site didn’t give me seed words to log back in case this failed, and now I’m locked out of my account. Can you assist?

    • @selfOPMA
      link
      English
      31 year ago

      https://github.com/LemmyNet/lemmy/issues/3325 holy fuck that’s bad, lemmy generates TOTP links that don’t work with most authenticators and doesn’t verify with an initial 2fa code before enabling it

      @sneak2@awful.systems, you may be able to unlock your original account if you do the “forgot my password” flow, which apparently lets you disable 2fa (which also feels pretty insecure). that’ll require your account to have an email associated with it though. otherwise as soon as I’m at my computer I’ll run the query in that github issue to disable 2fa on your account and ping you when it’s fixed.

    • @selfOPMA
      link
      English
      21 year ago

      hoo boy let me look into this. I’m not too surprised 2fa is broken, but I may need to pop open the database to disable it since lemmy’s admin UI is pretty threadbare