The 2FA enrollment process in Lemmy isn’t great at best, unintuitive and confusing at worst. Here I’ll show the process to enroll from a desktop PC. The process on mobile will be different. Throwing this together quickly, hopefully no errors/omissions…

As a precaution, open a second browser and log in there before starting, just in case you encounter issues and need to disable 2FA.

I’d only suggest progressing with this if you’re comfortable doing so; Lemmy does not currently provide backup 2FA codes.

  1. Log into your account, go to your account settings:

  2. Scroll to the very bottom of your settings, locate the “Set-up 2-factor authentication tickbox”:

  3. Tick the “Set-up 2-factor authentication tickbox”, note the popup at the bottom:

  4. THIS IS THE POINT OF NO RETURN. Once you click the “Save” button, 2FA is enabled and you’ll be unable to log in without it functioning. If you encounter issues, tick the “Remove 2-factor authentication” and click save again.
    When you click Save you should be scrolled to the top of the page. Scroll back to the bottom, you should see the button is still ticked, but nothing else has changed:

  5. Click refresh in your browser, or hit F5. The page will reload. Scroll to the bottom of the page again. You should now see a “2FA installation link” button/link.

  6. Right click the “2FA installation link” button/link:

  7. Click “Copy link address” and paste it into a text editor; you’ll see something similar to this:
    otpauth://totp/Aussie%20Zone:guineapig?secret=GFQWIYTCHEYTIYJWHA4WMZTEMQ2GIZBRGU4WCZLGGRTDQMZZGM2GKN3DMVQTONBS&algorithm=SHA256&issuer=Aussie%20Zone

What you’ve pasted is the TOTP Key URI that can be used by many 2FA applications. Unfortunately this is unwieldy to copy around, so we’re going to generate a QR code that you can scan on your phone.

  8. Open a NEW tab, and browse here. Scroll down to this field:

  9. This page uses javascript within your browser to generate QR codes from the information you provide. You are NOT sending your data to the remote server.
    Paste your TOTP Key URI from step 7 into this field. It should update the fields above it and change the QR code below:

  10. Use your favourite 2FA app to scan the provided QR code to start generating TOTP codes. If you have Bitwarden premium you can simply copy that string into the “Authenticator Key (TOTP)” field.

Any questions please ask.

  • Lodion 🇦🇺OPMA
    1 year ago

    The QR code changed (could just see the top part) even though it appeared nothing happened in the other lines and it still worked in Aegis.

    That's weird. Glad it worked for you.