Lemmy: Add Two-factor Authentication (2FA)

Created on 17 Feb 2021  路  9Comments  路  Source: LemmyNet/lemmy

Description

I believe you are already aware about what I am trying to suggest here. 2FA plays a major role in improving the security of an account on Social Media sites (nowadays, it is very much needed on every platform which has accounts). 2FA using a third party mobile app like Aegis, AndOTP, Google Authenticator, Authy etc is a very good security feature imo. Reddit also has it and it would be really nice to see it on Lemmy.

enhancement help wanted

Most helpful comment

Relates to #1368

PS. Doesn't using google authenticator go against Federation ideas?

All 9 comments

We have wayyy too many other things on our plate right now, but if someone else wants to take a crack at it go ahead.

Just curious, what kind of 2FA are everyone most interested in? Email? Text? Authenticator app?

I personally prefer Authenticator App (and sometimes Text) over Email because if your Email is compromised, 2FA can do nothing. In case of Authenticator app, you can locally store the tokens instead of relying on a cloud service and in case of Text, only you have your SIM card. Ofcourse there are various ways to steal Tokens and Text messages but they are much difficult compared to Email.

Relates to #1368

PS. Doesn't using google authenticator go against Federation ideas?

Relates to #1368

PS. Doesn't using google authenticator go against Federation ideas?

Google authenticator only stores the tokens just like any other 2FA app. How is it against federation? It isn't affecting decentralisation and federation for Lemmy at least. Also I only used it as an example because I think most people know about it unlike other FOSS 2FA apps like Aegis.

Google authenticator only stores the tokens just like any other 2FA app. How is it against federation?

Actually my bad. I thought the backend needs to talk to the google server, to verify TOTP.

It seems it could be made offline.

I am wondering are there available libs that are supporting different 2fa providers at the same time like Aegis, AndOTP, GoogleAuthnticator etc? it don't have to be in Rust

I'm pretty sure Computerphile explains how 2FA works: https://www.youtube.com/watch?v=ZXFYT-BG2So

Google authenticator only stores the tokens just like any other 2FA app. How is it against federation?

Actually my bad. I thought the backend needs to talk to the google server, to verify TOTP.

It seems it could be made offline.

I am wondering are there available libs that are supporting different 2fa providers at the same time like Aegis, AndOTP, GoogleAuthnticator etc? it don't have to be in Rust

All 2FA apps will work, it's a standard.

Relates to #1368

PS. Doesn't using google authenticator go against Federation ideas?

The authenticator protocol is an open standard I'm pretty sure. There are fully open source authenticator apps

Was this page helpful?
0 / 5 - 0 ratings

Related issues

l1ving picture l1ving  路  5Comments

Nutomic picture Nutomic  路  4Comments

DimensionalScoop picture DimensionalScoop  路  6Comments

NicolasCARPi picture NicolasCARPi  路  5Comments

shirshak55 picture shirshak55  路  5Comments