2FA Auth with Lemmy will give more security to the account, and having both a secret key, and qr code will allow any 2FA app to work with it.

Backup codes would also, be a plus with a button to export them into a .txt file.

  • Thann
    link
    fedilink
    arrow-up
    4
    arrow-down
    2
    ·
    edit-2
    3 years ago

    yes please!

    Only problem is admins have to have a way of “resetting” 2FA when users inevitably loose their phone =/

    • beansniffer
      link
      fedilink
      arrow-up
      4
      ·
      3 years ago

      Why would it be the responsibility of the admins if users don’t have proper backups? Wouldn’t the ability to reset 2FA completely negate the advantages of it if the admins can be subject to a phishing attack that removes 2FA from someones account?

      • Thann
        link
        fedilink
        arrow-up
        2
        arrow-down
        3
        ·
        3 years ago

        most people are stupid, so most people will lose 2fa, so most people on your instance will be locked out.

        You can not like this, but its what will happen if you allow 2fa without having any recovery methodology =/

        • beansniffer
          link
          fedilink
          arrow-up
          4
          ·
          3 years ago

          most people are stupid, so most people will lose 2fa, so most people on your instance will be locked out.

          idk sounds like a good way to filter out stupid people lmao

        • PointyFluff
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          3 years ago

          that’s not how it works. It’s not the admin’s job to fix your password stupid.