I would be cautious about viewing any Lemmy.world communities right now, and the Beehaw admins should make sure their credentials are locked down in case they get targeted next.

you are viewing a single comment's thread
view the rest of the comments

[–] pwacata@beehaw.org 11 points 1 year ago (1 children)

If done via hacked admin credentials, this is a great advertisement for enabling 2FA anywhere it's supported. AIUI Lemmy is also getting support for this for user accounts soon (https://github.com/LemmyNet/lemmy/issues/2363)

[–] NotMerritStone@beehaw.org 4 points 1 year ago (1 children)

Oh wait, so 2FA doesn't fully work yet? I guess that explains why I've been having such a hard time trying to get it set up.

[–] darrsil@beehaw.org 5 points 1 year ago

It works, but it's half-assed. The way Lemmy sets it up only works on a portion of authenticators, and ones like Authy isn't one of them. Then it also doesn't have a confirmation before enabling it, so you may think it's working but then get locked out of your account when you can't log in next time around.

The best way to test it is to enable 2FA and set up the code, but keep your Lemmy settings open. Then open an incognito window and see if you can log in using the 2FA code. If you can't, go back to the settings window and disable 2FA.