How was my 2FA on Lemmy turned off and why? (lemmy.world)

submitted 1 month ago by lightscription@lemmy.world to c/asklemmy@lemmy.ml

9 comments fedilink hide all child comments

Do you know how 2FA is disabled without your consent on Lemmy.world?

top 9 comments

sorted by: hot top controversial new old

[-] MrKaplan@lemmy.world 24 points 1 month ago

Hi,

this was unfortunately an error on our end.

Please bear with us while we work on resolving this situation.

[-] MrKaplan@lemmy.world 6 points 1 month ago* (last edited 1 month ago)

2FA has been restored for all LW users that had it enabled before and didn't reactivate it on their own since.

There will be an announcement posted later on explaining what happened.

edit: announcement is out: https://lemmy.world/post/18503967

[-] vk6flab@lemmy.radio 12 points 1 month ago

Ask your instance administrator.

[-] walden@sub.wetshaving.social 3 points 1 month ago

Lemmy is beta software. One of the updates around the 0.19.0 mark (we're up to 0.19.5 now, with 0.19.6 around the corner) changed the login stuff. I don't remember the details, but instead of locking everyone out of their accounts, 2FA was disabled. The lemmy.world admins didn't choose this, it's just how the update worked.

I don't know what kind of communication or sticky posts were used during the upgrade, but I'm sure some people missed it, including OP.

[-] MrKaplan@lemmy.world 6 points 1 month ago

this was not a Lemmy bug.

[-] walden@sub.wetshaving.social -2 points 1 month ago

Right. Not a bug, but a decision by the developers in order to upgrade the 2FA stuff.

[-] MrKaplan@lemmy.world 11 points 1 month ago

this is a separate issue unrelated to the 0.19 update.

[-] lightscription@lemmy.world 0 points 1 month ago

Ah, that must be it. 2FA is still a very good security feature to have.

But there is nothing only you know that is still useful because a secret must be shared in order to be useful (unless you just have full disk encryption and then when it is unlocked and network connected, it is still vulnerable). In short, admins could change your password since you are not the sole admin of your own server but then you would have to have mass appeal to be "useful", i.e. popular.

In theory, Tim Cook might have a keybearer who could usurp the throne with all the proprietary OEM crypto keys that only the Company knows, but everyone knows who the CEO is and the keybearer could get in big trouble unless he had an army...

Things can be changed on the server side and the network is not the same as the device: these are technology truths some people refuse to ever understand.

[-] B0rax@feddit.org 3 points 1 month ago* (last edited 1 month ago)

You should ask that in the community of your instance, not asklemmy. Asklemmy is not the support community.

this post was submitted on 09 Aug 2024

9 points (66.7% liked)

Asklemmy

43383 readers

1381 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

Open-ended question
Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
Not ad nauseam inducing: please make sure it is a question that would be new to most members
An actual topic of discussion

Looking for support?

Looking for a community?

Lemmyverse: community search
sub.rehab: maps old subreddits to fediverse options, marks official as such
!lemmy411@lemmy.ca: a community for finding communities

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago

MODERATORS