When I click the set up 2FA thing in the account settings I then see the following
That button contains a link with a secret key, and some other things. What am I supposed to do with it? I want to set the 2FA up to use my authenticator on my phone.
Current 2FA implementation in Lemmy is a bit janky with the risk of being locked out.
First things first: DO NOT UNDER ANY CIRCUMSTANCES LOG OUT UNTIL YOU’RE 100% SURE YOUR AUTHENTICATOR WORKS AND THAT YOU CAN LOGIN USING ITS GENERATED 2FA CODE
Now that that’s out of the way, here are some steps to follow:
If you can’t get it to work then you can disable it in the window you’re still logged into.
If you share which authenticator you use, people might be able to give you more specific instructions to get you through step 1.
Whatever you do, don’t log out. You will be locked out!
Unlike most common implementations, there is no built in step to verify if you can successfully generate a TOTP before 2FA is fully enabled.
I use Memmy and used wefwef to confirm the 2FA after I setup the code in the web client. Very janky. But I guess it works?
That’s also a good way of verifying! As long as you go through the login process somewhere different than your current browser window you should be able to make sure it works properly.
If you do lock your self out, reset your password and after that it will log you back in. You can disable 2fa in the settings.
That sounds like a gaping security hole, but with how likely it is that you lock yourself out with the current 2FA implementation, I can’t be mad about it.
If all else fails you could also reach out to the admin of your instance I suppose and see if they can disable 2FA on your account, but I figured it’s best to avoid the headache altogether and just not log out until you’re 100% the 2FA works properly.