Thanks for sharing! Strange that it didn’t require a TOTP code to enable the 2FA. Most services verify that the users 2FA mechanism works before enabling it.
Lemmy
Everything about Lemmy; bugs, gripes, praises, and advocacy.
For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.
Even more strange is the use of DUO voluntarily. Can I ask why? I'm guessing work or a limited OpenVPN setup?
Originally I just wanted to set up 2FA on NetAcad and this is what they recommended, and I liked the UI more than Google Authenticator.
It works, and allows backups. Since I originally wanted to use it just for NetAcad, I didn't care. And I still don't see any problems with it. Or, well, now I do.
Authenticator Pro works fine but Microsoft Authenticator doesn't.
Yeah, this just happened to me with Authy. Doesn't work with Authy, but it does work with Google Authenticator.
The fact that Lemmy doesn't require you to confirm the 2FA code before enabling it on your account is nuts. This needs to be fixed.
Does it not ask you to enter a generated code before actually enabling it to verify that it actually works? That's weird, that's usually how it's done.
EDIT: ah yeah, that's what the bug is about.
1Password supports this format