I had an issue logging into Twitch last night for the first time in a while. I just didn’t get any 2FA messages delivered to me, until about 12 hours later when I was asleep and they were probably long invalidated. and now suddenly I can’t log in to my MVD either. Apparently there’s some sort of SMS short+long code outage (according to the twilio status page in North America, which is mildly infuriating when this is already shown to be a pretty sketchy 2FA mechanism, at least theoretically.

Just curious if anybody else has noticed issues or if that’s just me. And also, I really hate SMS 2FA.

  • ΛdΛm_𝒷@infosec.pubEnglish
    21·
    2 years ago

    Speaking of auth apps, I got blocked from logging in to my second Lemmy account because the codes generated are wrong, it’s bizarre, resetting the Passwords doesn’t remove 2FA so my account is lost 🙄

    • NaN@lemmy.sdf.orgEnglish
      3·
      2 years ago

      Instance Admins can remove it from an account. Given your instance they may not do so though.

    • Darkassassin07@lemmy.caEnglish
      3·
      2 years ago

      The new lemmy update automatically disabled 2fa for everyone. The old system didn’t require you to enter the generated 2fa code on setup so lots of ppl locked themselves out.

      • ΛdΛm_𝒷@infosec.pubEnglish
        1·
        2 years ago

        The old system was even weirder, I had to use Libreoffice built-in QR code generator to set up 2FA, I created my second account after this latest update ( glad they added the QR code for me this time ), but yeah it didn’t work, so the account is lost until the next major update which will disable 2FA for everyone…

        But I didn’t wait, I created another account and it worked 🤷‍♂️

        • Darkassassin07@lemmy.caEnglish
          1·
          2 years ago

          How’d you manage that one? The new system requires you to enter a valid 2fa code from your TOTP app before its activated.

          Unless this was an instance that hadn’t applied the update yet, in which case 2fa will disabled once the update applies.

          • ΛdΛm_𝒷@infosec.pubEnglish
            1·
            2 years ago

            How’d you manage that one? The new system requires you to enter a valid 2fa code from your TOTP app before its activated

            Exactly, and this is why I’m so confused, I tried using the generated codes many times on desktop and mobile and it says they’re wrong

            Unless this was an instance that hadn’t applied the update yet, in which case 2fa will disabled once the update applies.

            Nah, it was on the latest update 0.19, I checked

            It’s probably a bug, I didn’t scan the QR code, I clicked on the link which opened the 2FA app and created the entry, not that it matters but that’s how I did it…

            I scanned the QR code the second time and that worked

    • Extras@lemmy.today
      1·
      2 years ago

      Yeah not a fan of how Lemmy implemented it. Couldn’t even manually input the seed so I had to rely on keepassdx. I’m assuming you already checked that the time is correct and you didn’t modify the entry, so I’m sorry to hear that

      • Darkassassin07@lemmy.caEnglish
        2·
        2 years ago

        Was stuck with the qr code. Screenshot + qr reader to copy the link. Dropped that into my totp manager and all has been good.

        A simple copy+paste would have been nice, but whatever. It works.

        (had 2fa on before without issue either)