Do you know how 2FA is disabled without your consent on Lemmy.world?

  • MrKaplan@lemmy.world
    link
    fedilink
    English
    arrow-up
    25
    arrow-down
    1
    ·
    4 months ago

    Hi,

    this was unfortunately an error on our end.

    Please bear with us while we work on resolving this situation.

    • MrKaplan@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      1
      ·
      edit-2
      4 months ago

      2FA has been restored for all LW users that had it enabled before and didn’t reactivate it on their own since.

      There will be an announcement posted later on explaining what happened.

      edit: announcement is out: https://lemmy.world/post/18503967

  • B0rax@feddit.org
    link
    fedilink
    Deutsch
    arrow-up
    3
    ·
    edit-2
    4 months ago

    You should ask that in the community of your instance, not asklemmy. Asklemmy is not the support community.

  • walden@sub.wetshaving.social
    link
    fedilink
    arrow-up
    4
    arrow-down
    1
    ·
    4 months ago

    Lemmy is beta software. One of the updates around the 0.19.0 mark (we’re up to 0.19.5 now, with 0.19.6 around the corner) changed the login stuff. I don’t remember the details, but instead of locking everyone out of their accounts, 2FA was disabled. The lemmy.world admins didn’t choose this, it’s just how the update worked.

    I don’t know what kind of communication or sticky posts were used during the upgrade, but I’m sure some people missed it, including OP.

    • Lightscription@lemmy.worldOP
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      4 months ago

      Ah, that must be it. 2FA is still a very good security feature to have.

      But there is nothing only you know that is still useful because a secret must be shared in order to be useful (unless you just have full disk encryption and then when it is unlocked and network connected, it is still vulnerable). In short, admins could change your password since you are not the sole admin of your own server but then you would have to have mass appeal to be “useful”, i.e. popular.

      In theory, Tim Cook might have a keybearer who could usurp the throne with all the proprietary OEM crypto keys that only the Company knows, but everyone knows who the CEO is and the keybearer could get in big trouble unless he had an army…

      Things can be changed on the server side and the network is not the same as the device: these are technology truths some people refuse to ever understand.