With the recent security concern with lemmy.world, someone recommended I enable 2FA. I checked the box on my web browser and a toast message instructed me to click a link below to complete the 2FA, but a link never appeared. I left my account settings and came back, and 2FA was not checked, so I assumed it just didn’t go through.

Except, I tried logging into another browser and it’s asking for my 2FA code. I cannot log in without it, and it is still showing as disabled on my account, so I don’t know how I can disable it again.

Any ideas? Can an admin disable that for an account?

  • Mythril@lemm.ee
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    1 year ago

    I heard other similar reports that 2FA in Lemmy is kinda buggy so I haven’t tried to set it up myself yet.

    That asides, I heard that the vulnerability would not be stopped by 2FA because it steals the “logged in” cookie, so they are “already logged in”. Edit: lemm.ee is not vulnerable in any case.

    • loopy@lemm.eeOP
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      I loaded lemmy on the mobile browser again later today, and it was all fine. I cleared my account cache from the one browser I was still logged in to, but I honestly have no idea what fixed it. I guess I’ll just leave it off for the moment.

      Thanks for the reply

    • Alien Surfer@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I have the same problem on lemm.ee… I reset PW, but it did not disable 2FA. I’m locked out, and I JUST SIGNED UP. Nothing happened when I turned on 2FA. No link, no keys, no QR code. This is frustrating.

  • Mogofwin@lemm.ee
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    I have noticed that account settings seem to take a little to come into effect.