Heads up that we’ve bumped the UI up to 0.18.2-rc.1, which should resolve the current exploit that was seen on lemmy.world.

We’ve also logged out all currently logged in users as part of it, so you’ll need to login again.

  • TheMadIrishman@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Can I copy the link it generates and put it directly into my app that handles 2FA? (1password). Thought about trying it, but I didn’t see any recovery codes and am not keen on getting locked out.

    • durablenapkin@lemmy.ca
      link
      fedilink
      English
      arrow-up
      8
      ·
      edit-2
      1 year ago

      This worked for me in Bitwarden: note since Lemmy 2FA uses SHA256 you have to copy/paste the entire link and not just the secret token. If you copy/paste just the secret token most password managers with TOTP generation have it defaulted to SHA1.

    • grte@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Worth noting that turning on 2FA doesn’t log you out of your current session so you have the opportunity to turn it back off again if you can’t copy it over in this way.