this post was submitted on 09 Aug 2024
8 points (64.3% liked)

Asklemmy

43851 readers
1693 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
 

Do you know how 2FA is disabled without your consent on Lemmy.world?

top 9 comments
sorted by: hot top controversial new old
[โ€“] [email protected] 24 points 3 months ago (1 children)

Hi,

this was unfortunately an error on our end.

Please bear with us while we work on resolving this situation.

[โ€“] [email protected] 6 points 3 months ago* (last edited 3 months ago)

2FA has been restored for all LW users that had it enabled before and didn't reactivate it on their own since.

There will be an announcement posted later on explaining what happened.

edit: announcement is out: https://lemmy.world/post/18503967

[โ€“] [email protected] 12 points 3 months ago

Ask your instance administrator.

[โ€“] [email protected] 3 points 3 months ago (2 children)

Lemmy is beta software. One of the updates around the 0.19.0 mark (we're up to 0.19.5 now, with 0.19.6 around the corner) changed the login stuff. I don't remember the details, but instead of locking everyone out of their accounts, 2FA was disabled. The lemmy.world admins didn't choose this, it's just how the update worked.

I don't know what kind of communication or sticky posts were used during the upgrade, but I'm sure some people missed it, including OP.

[โ€“] [email protected] 8 points 3 months ago (1 children)
[โ€“] [email protected] -2 points 3 months ago (1 children)

Right. Not a bug, but a decision by the developers in order to upgrade the 2FA stuff.

[โ€“] [email protected] 11 points 3 months ago

this is a separate issue unrelated to the 0.19 update.

[โ€“] [email protected] 0 points 3 months ago

Ah, that must be it. 2FA is still a very good security feature to have.

But there is nothing only you know that is still useful because a secret must be shared in order to be useful (unless you just have full disk encryption and then when it is unlocked and network connected, it is still vulnerable). In short, admins could change your password since you are not the sole admin of your own server but then you would have to have mass appeal to be "useful", i.e. popular.

In theory, Tim Cook might have a keybearer who could usurp the throne with all the proprietary OEM crypto keys that only the Company knows, but everyone knows who the CEO is and the keybearer could get in big trouble unless he had an army...

Things can be changed on the server side and the network is not the same as the device: these are technology truths some people refuse to ever understand.

[โ€“] [email protected] 3 points 3 months ago* (last edited 3 months ago)

You should ask that in the community of your instance, not asklemmy. Asklemmy is not the support community.