• Zagorath
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    Some points from the admin of ttrpg.network in our Discord chat:

    • the html injection seems not to apply to 18.1 (the version we’re on) [us too!], but if it does, it applies to the sidebar, posts, and comments (so a huge deal)
    • apparently there’s some concerns around the implementation (of 2fa) at the moment…maybe i’ll just shut it off for now and wait then…

    This thread explains the very serious risk of Lemmy’s current 2FA implementation.

    Real risk of locking yourself out of your account.

    • lordriffington
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      Yeah, 2fa didn’t work for me when I tried to set it up. Was just lucky I was logged in on more than one browser, so I could go and disable it.

    • Lodion 🇦🇺MA
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Real risk of locking yourself out of your account.

      yes, the initial setup is not intuitive at all. Once setup it functions normally.

      • maniacalmanicmania
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Thanks. I’m going to wait for your guide. What do you advise we do with bot accounts?

          • maniacalmanicmania
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            Thanks. This worked. I got a little confused with points 3, 4 and 5 but now that I’ve re-read your instructions I see that they are clear and I have no suggestions for improving them at this time.

          • Gorgritch_Umie_Killa
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Hey, so i followed the guide. I think i hit all the steps, but when i try to log in on the browser to test whether its worked. The 2fa box does come up. But when i enter the code and hit login theres no progression on from that screen. Not sure where i’ve gone wrong? Using Aegis btw.

            • Lodion 🇦🇺MA
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              Hmm you may need to disable 2FA again. I’m not sure why it wouldn’t work, perhaps Aegis hasn’t imported it correctly?

        • Lodion 🇦🇺MA
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          In the short term, use a 60 character password and never use that account interactively. ie only use it with your scripts/bot. And obviously keep the password securely stored.