2FA in lemmy doesn’t work reliably yet. Please don’t enable it or you will almost certainly get locked out.
Note: it makes me sad to post this.
“…Also, we’re having some issues with your passwords so please everyone just post those here along with social security numbers if you’re American, thanks!”
I have never in my life seen a more concise demonstration of the adage, “without a threat model there can be no security, only paranoia”
This kinda sucks. I had enabled it awhile ago and it seems to have been working but the implementation was really odd, not requiring a verification of a code before it enabled.
I wonder if a different implementation of 2FA will come about from this…
ouch, you know its bad when a infosec Admin asks you to switch off 2fa…