I was surprised they didn't have backup codes or anything when I set it up so I got nervous hopefully they'll get added soon too.
this post was submitted on 17 Jul 2023
134 points (100.0% liked)
Blahaj Lemmy Meta
2445 readers
30 users here now
Blåhaj Lemmy is a Lemmy instance attached to blahaj.zone. This is a group for questions or discussions relevant to either instance.
founded 2 years ago
MODERATORS
This was me 😑
At least you had access to an app and could message us from your account.
Very true and also thank you!
Hopefully they add recovery keys to the 2FA setup sometime soon.
If you have an email address associated with your account you can follow the “forgot my password” account recovery process. This will log you in without prompting for your 2fa.
I’m not sure it’s great security, but it is a self-service recovery option if 2fa has locked you out.
I have completed that process and upon login I am still being prompted for 2fa that I did not set up.
Here’s the process I used a few weeks ago. I’m going from memory and things may have changed since then, this may no longer work.
- Click “forgot password” on the login page of your instance.
- Enter your email address
- Click the link you receive in your email
- Enter your current password in both fields and click Save
- You will be logged in. Go to your settings and disable 2fa.
Thanks for this. I'll keep it in the toolbox of things I get people to try
Did this, see above. Did not work.
That's an interesting way to handle the issue
oh yeah there's no confirmation for setting up 2fa right now, so make sure you got codes going before logging out
That is bonkers!
The 2FA is so secure even the user can't access their account. 😛
I feel bad for you on this one, clearly some 2FA is better than no 2FA, but the implementation of this from the Lemmy devs leaves a lot to be desired. Ah well, they are clearly trying, and I am sure it will get better
I'm getting prompted for 2fa and I never set it up! The 2fa apps I use would have this site added to their list if I had. @Ada, any suggestions?
Someone else said that you can do a password reset to login without 2fa. I haven't tested it, but it's worth trying
Yeah, that didn't work for me. Do you have any recommendations, as the administrator of this instance, on how a user can remediate a 2fa implementation that is failing so wildly that it requires this thread to exist? Do you have a "whoops, do over" button?
The brutal truth is that Lemmy as a platform isn't mature and probably wasn't ready for the scale of growth.
I'm trying to put out fires for an app I didn't develop and have no input in to. I wish there was an oops button!
What I'll get you to do is DM me the email address of the account that's locked. I'll confirm the email address and then send you an email at that address