Add QR Code Generation for 2FA #1544

Closed
3 tasks done
csm10495 opened this issue Jun 24, 2023 · 3 comments
Labels
area: auth enhancement New feature or request


@csm10495

Requirements

  • This is a feature request and not a bug report. Otherwise, please create a new bug report instead.
  • Please check to see if this request (or a similar one) already exists.
  • It's a single feature. Please don't request multiple features in one issue.

Describe the feature you'd like

Right now when you enable 2FA, it gives you a '2FA installation link'. I personally don't have a way to easily use that link. Most TOTP 2FA things I've used generate a QR code for you to scan to save somewhere.

Requesting that the UI generate a QR code for scanning by apps like Google Authenticator, Authy, etc. to generate 2FA pins.

@csm10495 csm10495 added the enhancement New feature or request label Jun 24, 2023
csm10495 commented Jun 24, 2023

As a related comment, I couldn't get 2FA to work. I manually generated a QR code, scanned it with Authy, but it wouldn't work. :/

Edit: Figured out what is likely happening with this comment: LemmyNet/lemmy#3316


drspod commented Jun 24, 2023

I also had this problem. My browser does not handle otpauth:// links.

Another problem is that the 2FA setup process does not verify at any point that the user has correctly received the credential by doing what every other website does and requesting that the user type in a 2FA code immediately to complete the setup process.

I anticipate many users locking themselves out of their account while trying to manually type the code from that URL into their TOTP app, then logging out to test that it works - (it won't).

I also anticipate users using whatever shady website is returned by Google to paste their OTP code into it to generate a QR code to scan, thereby leaking their 2FA credential to whoever operates said shady website.

The current implementation of this feature is worse for security than not having it.
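
The setup check described in the comment above (require one valid code before 2FA is switched on), as an added example that is not part of this thread or of Lemmy's code. `Enrollment`, `provisioning_uri`, the 30-second/6-digit parameters and the sample account are assumptions; the secret is the constructed RFC 6238 test key.

```python
import base64, hashlib, hmac, secrets, struct, time
from typing import Optional
from urllib.parse import quote, urlencode

STEP, DIGITS = 30, 6  # common authenticator-app defaults (assumed here)

def totp(secret: bytes, at: float) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 for the time step containing `at`."""
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def provisioning_uri(secret: bytes, account: str, issuer: str) -> str:
    """Build the otpauth:// URI; a setup QR code encodes exactly this string."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    query = urlencode({"secret": b32, "issuer": issuer})
    return f"otpauth://totp/{quote(issuer + ':' + account)}?{query}"

class Enrollment:
    """Hypothetical per-user state: the secret stays pending until confirmed."""
    def __init__(self, secret: Optional[bytes] = None):
        self.pending = secret or secrets.token_bytes(20)
        self.active = None  # login enforces 2FA only when this is set

    def confirm(self, code: str, now: Optional[float] = None) -> bool:
        if self.pending is None:
            return False
        now = time.time() if now is None else now
        # Allow one step of clock drift either side of the current step.
        times = [max(now + d * STEP, 0) for d in (-1, 0, 1)]
        ok = any(hmac.compare_digest(totp(self.pending, t).encode(), code.encode())
                 for t in times)
        if ok:  # only now does the secret become the account's 2FA credential
            self.active, self.pending = self.pending, None
        return ok

if __name__ == "__main__":
    key = b"12345678901234567890"  # constructed sample secret (RFC 6238 test key)
    e = Enrollment(key)
    print(provisioning_uri(key, "alice", "Lemmy"))
    print(e.confirm("000000", now=59), e.active is not None)  # wrong code: still off
    print(e.confirm(totp(key, 59), now=59), e.active is not None)  # confirmed: on
```

A mistyped or never-imported secret leaves `active` unset, so the account cannot be locked out by an unverified enrollment.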


foss- commented Jan 10, 2024

This can be closed, right? 0.19.1 shows a dialog with a QR Code for 2FA setup:


@Nutomic Nutomic closed this as completed Jan 10, 2024