If you go into your account settings you’ll see a shiny new 2FA setup option. Once you check the box and reload there will be a button to there link your default 2FA application.
Now for Safari users on macOS who don’t use Apple Keychain for your 2FA but rather a 3rd party app like 1Password or Bitwarden things are a little tricky. In order to get around linking it directly to Keychain you can right click the 2FA link and choose “inspect element.” Scroll down slightly and you’ll see that element highlighted in the new element window. Right click the highlighted area and select “copy link.” That’s the 2FA code which you can then paste in any 3rd party password manager.
Please be very careful doing so. It’s very easy to get locked out doing this.
Yes. Lemmy 2FA uses SHA256 TOTP digests, which are newer (and better) than the SHA1 digests used as default by most authenticator apps.
Critically, Lemmy will not have you verify that the generated TOTP code works before locking it in, nor will it give you backup codes.
You should check the documentation of your authenticator app to see if any changes need to be made in the app prior to adding Lemmy 2FA.
If your app only supports SHA1, or you fail to follow your app’s procedures to add an SHA256 digest, and you add the 2FA token generated by Lemmy, you’re not getting back into that account.
Is that because it’s implemented poorly, or are you giving a standard warning about 2FA?
It’s not implemented well because it adds it to your account immediately without needing to confirm the code. This means if the user doesn’t know what they’re doing they could add 2FA and not copy the code correctly to their password manager resulting in a lockout.