With the recent security concern with lemmy.world, someone recommended I enable 2FA. I checked the box on my web browser and a toast message instructed me to click a link below to complete the 2FA, but a link never appeared. I left my account settings and came back, and 2FA was not checked, so I assumed it just didn’t go through.
Except, I tried logging into another browser and it’s asking for my 2FA code. I cannot log in without it, and it is still showing as disabled on my account, so I don’t know how I can disable it again.
Any ideas? Can an admin disable that for an account?
I heard other similar reports that 2FA in Lemmy is kinda buggy so I haven’t tried to set it up myself yet.
That asides, I heard that the vulnerability would not be stopped by 2FA because it steals the “logged in” cookie, so they are “already logged in”. Edit: lemm.ee is not vulnerable in any case.
I loaded lemmy on the mobile browser again later today, and it was all fine. I cleared my account cache from the one browser I was still logged in to, but I honestly have no idea what fixed it. I guess I’ll just leave it off for the moment.
Thanks for the reply
Reset your password. That should disable the 2fa.
I have the same problem on lemm.ee… I reset PW, but it did not disable 2FA. I’m locked out, and I JUST SIGNED UP. Nothing happened when I turned on 2FA. No link, no keys, no QR code. This is frustrating.
I have noticed that account settings seem to take a little to come into effect.
