this post was submitted on 16 Jul 2023
7 points (100.0% liked)

Beehaw Support

2797 readers
1 users here now

Support and meta community for Beehaw. Ask your questions about the community, technical issues, and other such things here.

A brief FAQ for lurkers and new users can be found here.

Our September 2024 financial update is here.

For a refresher on our philosophy, see also What is Beehaw?, The spirit of the rules, and Beehaw is a Community


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.


if you can see this, it's up  

founded 2 years ago
MODERATORS
 

I go to Settings, check the "Set up 2-factor authentication" box, click Save, reload the page, but clicking on "2FA installation link" does nothing. I tried copying the "secret" value from the link and using it to manually add an account in my 2FA app (Authy) but that doesn't seem to work. The account gets added, but the codes it generates don't seem to work for logging in (using a different browser).

I really don't want to lock myself out. Am I doing something wrong, or is this a known issue?

you are viewing a single comment's thread
view the rest of the comments
[–] I_Am_Jacks_____@beehaw.org 1 points 1 year ago (7 children)

My experience: Beehaw/Lemmy is using a SHA256 hash for the secret key. A lot of 2FA apps only support SHA1. So you'll need to find one that supports SHA256. I used Google Authenticator. I thought I also saw that Microsoft Authenticator works too. Storing in Bitwarden doesn't work.

Good luck.

I would definitely do all my testing in private browsing or another browser while leaving a browser window logged in to disable 2FA should you need to.

[–] kkaosninja@beehaw.org 2 points 1 year ago (1 children)

I have Bitwarden. Don't have an issue. What issue did you run into?

[–] I_Am_Jacks_____@beehaw.org 2 points 1 year ago (1 children)

Storing the secret key inside bitwarden produced incorrect codes. Due to Bitwarden only supporting SHA1 while Lemmy/Beehaw using SHA256.

[–] kkaosninja@beehaw.org 3 points 1 year ago* (last edited 1 year ago) (1 children)

I just checked the 2FA codes stored in my Bitwarden. Ends with algorithm=SHA256&issuer=Beehaw. Also logged out and logged in again before posting this comment.

Don't think SHA-256 is the issue.

One usual cause of incorrect 2FA codes is incorrect system time. You can use https://time.is/ to see if that's the case.

[–] I_Am_Jacks_____@beehaw.org 1 points 1 year ago (1 children)

Maybe it's a Vaultwarden self-hosting issue (vs. using bitwarden.com). Or maybe it's that you're using the Bitwarden TOTP app whereas I'm referring to the Bitwarden password manager.

All of the other codes inside my Vaultwarden password manager are working except this one. I added "&algorithm=SHA256&issuer=Beehaw" and that did not help.

[–] ryonia@beehaw.org 4 points 1 year ago* (last edited 1 year ago) (1 children)

Not sure what the Bitwarden TOTP app is, totp is build into the default clients.

I'll also confirm that 2fa with beehaw at least is working for me. Vaultwarden shouldn't make a difference, it's just the data host, your client is the one decoding and then generating the otp.

My advice, you shouldn't have to add anything. Copy the totp link from your lemmy instance and paste the entire link into the Authenticator Key field in the bitwarden entry. The link should start with otpauth://totp/. Don't remove anything from the link, it'll work as is.

If you're finding it's still not giving you the correct code, the only other thing that comes to mind is to make sure your device's time is synced and accurate. TOTP codes are time sensitive, and if the device's time is desynced, you will get incorrect codes generated.

Good luck.

[–] I_Am_Jacks_____@beehaw.org 3 points 1 year ago (1 children)

You are, as you already know, absolutely right. I even found documention on the web supporting my findings so I didn't look further. But pasting the WHOLE URL allowed me to add it to Bitwarden.

Thank you!

[–] ryonia@beehaw.org 3 points 1 year ago
load more comments (5 replies)