TL;DR: Lemmy generates SHA-256 TOTP digest which may be unsupported by some authenticator apps. https://github.com/LemmyNet/lemmy/issues/3309#issuecomment-1605259241 Thanks to this it may seem the authenticator is set up, yet it won’t generate correct tokens.

When lemmy.sdf.org got updated to version 0.18.0, the first thing I did was that I set up 2FA. Or so I thought. I went to settings, checked “Set up 2-factor authentication”, clicked save, and then clicked on the installation button which opened up the authenticator app I use, Cisco DUO. I saved it, and seeing that it was generating codes, I thought “Good”.
Today I wanted to log into Lemmy on my laptop. I enter username and password, and get prompted for TOTP token. I take my phone and get the token from Cisco DUO authenticator, type it into the TOTP field, and it doesn’t work. So I tried again, and again, and again,… I see. It doesn’t work.
I went on the internet to search for the issue, and found the comment mentioned above and this request on GitHub.
Thankfully I was still logged in on my phone and I was able to remove 2FA.

Who knows, but there may already be bunch of people who won’t be able to reply. Rest in peace.

  • fmstrat@lemmy.nowsci.com
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Even more strange is the use of DUO voluntarily. Can I ask why? I’m guessing work or a limited OpenVPN setup?

    • u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.orgOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Originally I just wanted to set up 2FA on NetAcad and this is what they recommended, and I liked the UI more than Google Authenticator.

      It works, and allows backups. Since I originally wanted to use it just for NetAcad, I didn’t care. And I still don’t see any problems with it. Or, well, now I do.