I’ve added the Secret key to my OTP app, but it never works. When I try to login it just spins and stops - no message what’s wrong.
I panic’d when LemmyWorld logged out everyone and I couldn’t get back in, but luckily with a password reset I’m back in. Still, can anyone else get 2FA working?
I just tried again, and nothing.
I use it with bitwarden and I needed to copy the whole URL into the secret field. Then it worked for me. Try again while stayed logged in on another Browser or a second device 🌞
haha, I think I missed you posting this right before I found the same thing. thanks!
Okay, I got it. I’m using BitWarden and I was putting in the exact secret key into the OTP field, not the full URI. After doing the full URI, it works. Hope this helps anyone else.
I didn’t know I could do that until checking the BitWarden page: https://bitwarden.com/help/authenticator-keys/
The best practice when setting up 2fa would be for Lemmy to confirm a code before applying the change, to verify that OTP token generation is working as expected. It’s mildly dangerous use 2fa on Lemmy in its current state due to the absence of that feature. Though as you note, password reset bypasses 2fa.
