The 2FA feature does not work, at least on this instance. I haven’t tried it on other instances.

Enabling the 2FA option and refreshing the page generates a OTPAUTH link to add the TOTP code to an authenticator app of your choosing, which is fine. The problem is that the TOTP codes that the secret generates are not valid, and a user cannot login using the 2FA TOTP codes that are generated.

I have confirmed this on several different devices and authenticators.

Admins… it might be a good idea to disable this feature until it’s working properly to avoid people getting locked out of their accounts because they can never provide a valid TOTP code.

  • C4d@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Either something is happening acutely, or there’s something atypical / different about your setup.

    The feature has been present for a long time and multiple instances use it. If it failed regularly, the amount of complaints we would see here and on other instances, and the headache the dev and admin teams would have on the back of all the support tickets, would be inescapable.