• 5 Posts
  • 22 Comments
Joined 1 year ago
cake
Cake day: June 14th, 2023

help-circle




















  • That doesn’t address the issue. Yeah, that makes setting up a code easy on your device - but the code still should be verified and confirmed as working by the website before 2FA is enabled on the account.

    Case in point: I used your revered “automated 2FA key implementation” for Lemmy in Authy. It set up the account in my Authy list, and 2FA was supposed to be working. I opened an icognito tab, went to log in, put in my 2FA code and… it didn’t work.

    Luckily, I still had my settings open in my other window and was able to deactivate 2FA.

    The code should be tested and confirmed by the site before it’s enabled. Otherwise you can easily get locked out of your account. This is standard practice when implementing 2FA on websites.