YSK how to set up Lemmy's 2FA in 1Password
If you're like me, you're accustomed to setting up 2FA by having 1Password detect a QR code on-screen, but this doesn't work with Lemmy's 2FA since it never displays a QR code. Here's what you should do instead.
Start in Lemmy by enabling 2FA in your settings. When you save, scroll down again to the bottom of your settings. You'll now see a 2FA installation button. My first inclination was to click this button, but my Mac wanted to open it in the macOS keychain instead of 1Password. Instead, right click the button and copy the link. (It's styled as a button, but it's really just a plain link.)
Now, in 1Password, add a one-time password field to your Lemmy login. Paste the URL you copied from the button into the one-time password field. Save the login, and you should now see the one-time password displayed in 1Password.
You're actually done at this point. One thing that threw me off is that Lemmy's 2FA does not require a code validation step like many 2FA systems do. I validated it manually by logging out and logging back in. Lemmy asked me to enter the 2FA code, and I was able to copy/paste it from 1Password to log back in.
Hope this helps others who are confused like I was!
On mobile it opened it right up in Authy
Unfortunately it didn't seem to actually work since it rejected my codes every time.
Luckily setting up 2FA doesn't log you out of other sessions (which it should, for security). So I could open lemmy on my PC and disable 2FA there.
Definitely a WIP.
on iOS is the default is Keychain. But, for Android we can select the authenticator preference. that is quite strange experience. I prefer when we want to setup the TOTP it would show up the barcode and we can scan it manually like Gmail or Outlook and that is fine.
Thanks for the detailed post.
I encourage those of you who use your password manager for 2FA to consider that by having your second factor together with the password, they can both become compromised at the same time. Storing your second factor separately, e.g. using a different app with a different password, could help if your password manager database ever gets compromised, because then the attackers would only have access to your password, not your 2FA codes too.