Hi. I was trying to set up 2FA in my settings, where there is a button named “2FA installation link.” I right-clicked on the button, copied the link, and put it into a QR code generator. I scanned it with Twilio Authy on my phone to add it. To my surprise, when I tried using it to log in, the generated codes simply did not work. I have 20ish entries on Authy and they all work, with the Lemmy accounts being the outliers. I have also tested the 2FA on my other account at feddit.nl, and it doesn’t work with Authy either.

So, I tried using Google Authenticator instead. I used it to scan the very same QR code, and it spits out different codes from those generated by Authy. The ones generated by GAuthenticator work, whereas the Authy ones don’t work. I wonder what the issue is?

Edit: grammar

  • gnzl@nc.gnzl.cl
    1 year ago

    I believe the issue is that Lemmy expects the codes to be generated using the SHA256 algorithm, while most generator apps use SHA1.

    • randint@lemm.eeOP
      1 year ago

      Ahhh, thanks! After closer inspection of the link otpauth://totp/lemm.ee:randint?secret=[redacted, 64 characters]&algorithm=SHA256&issuer=lemm.ee, it does indeed specify SHA256. Looks like Authy just uses SHA1 regardless. Maybe I should switch back to GAuthenticator, but you know, Google…

      • appel@whiskers.bim.boats
        1 year ago

        If Twilio doesn’t work but you don’t want to use Google, try Aegis or Bitwarden. Both are available on F-Droid. For TOTP on Bitwarden you either need to self-host the database using Vaultwarden or pay for the pro version.
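The SHA256-versus-SHA1 mismatch discussed in this thread can be reproduced offline. The following is an added example, not code from any poster or from Lemmy: it parses an `otpauth://totp` URI, computes the RFC 6238 code with the algorithm the URI names, and computes the code an app would show if it ignored that parameter and used SHA1. The function names, the `example.test` issuer and the sample secret (the RFC 6238 Appendix B test key, with `digits=8` to match the RFC's vectors) are assumptions made for the illustration.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs

def parse_otpauth(uri):
    """Return (secret_bytes, algorithm, digits, period) from an otpauth://totp URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not an otpauth://totp URI")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    b32 = q["secret"].replace(" ", "").upper()
    b32 += "=" * (-len(b32) % 8)  # provisioning URIs usually omit base32 padding
    algorithm = q.get("algorithm", "SHA1").upper()  # SHA1 is the default when absent
    if algorithm not in ("SHA1", "SHA256", "SHA512"):
        raise ValueError("unsupported algorithm: " + algorithm)
    return base64.b32decode(b32), algorithm, int(q.get("digits", 6)), int(q.get("period", 30))

def totp(secret, algorithm, digits, period, unix_time):
    """RFC 6238 TOTP: HOTP (RFC 4226) computed over the time-step counter."""
    counter = struct.pack(">Q", int(unix_time) // period)
    mac = hmac.new(secret, counter, getattr(hashlib, algorithm.lower())).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset from the last nibble
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def codes_for(uri, unix_time):
    """Code from an app that honours the URI vs. one that always uses SHA1."""
    secret, algorithm, digits, period = parse_otpauth(uri)
    return {
        "algorithm": algorithm,
        "honours_uri": totp(secret, algorithm, digits, period, unix_time),
        "forced_sha1": totp(secret, "SHA1", digits, period, unix_time),
    }

# Constructed sample: the RFC 6238 Appendix B SHA-256 test key, not a real account secret.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890123456789012").decode().rstrip("=")
SAMPLE_URI = ("otpauth://totp/example.test:alice?secret=" + SAMPLE_SECRET +
              "&algorithm=SHA256&digits=8&issuer=example.test")

if __name__ == "__main__":
    print(codes_for(SAMPLE_URI, 59))
```

The two codes differ for the same secret and the same time step, which is why a server verifying with SHA256 rejects codes from an app that silently falls back to SHA1.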