-
-
Notifications
You must be signed in to change notification settings - Fork 857
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Two-factor Authentication (2FA) #1434
Comments
We have wayyy too many other things on our plate right now, but if someone else wants to take a crack at it go ahead. |
Just curious, what kind of 2FA are everyone most interested in? Email? Text? Authenticator app? |
I personally prefer Authenticator App (and sometimes Text) over Email because if your Email is compromised, 2FA can do nothing. In case of Authenticator app, you can locally store the tokens instead of relying on a cloud service and in case of Text, only you have your SIM card. Ofcourse there are various ways to steal Tokens and Text messages but they are much difficult compared to Email. |
Relates to #1368 PS. Doesn't using google authenticator go against Federation ideas? |
Google authenticator only stores the tokens just like any other 2FA app. How is it against federation? It isn't affecting decentralisation and federation for Lemmy at least. Also I only used it as an example because I think most people know about it unlike other FOSS 2FA apps like Aegis. |
Actually my bad. I thought the backend needs to talk to the google server, to verify TOTP. It seems it could be made offline. I am wondering are there available libs that are supporting different 2fa providers at the same time like Aegis, AndOTP, GoogleAuthnticator etc? it don't have to be in Rust |
I'm pretty sure Computerphile explains how 2FA works: https://www.youtube.com/watch?v=ZXFYT-BG2So |
All 2FA apps will work, it's a standard. |
The authenticator protocol is an open standard I'm pretty sure. There are fully open source authenticator apps |
I'm really surprised this isn't a priority to be honest. |
We have about 100 other priorities for lemmy. But this is an open source project, anyone is free to take a crack at it. |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
I had to hide some comments for being off topic. If what you write doesnt bring us closer to implement the feature, then it probably doesnt belong on the issue tracker. As mentioned by @dessalines, we have a lot of tasks that are more important than 2FA. If that is a problem for you, then dont use Lemmy for now. |
Doesn't support 2FA: LemmyNet/lemmy#1434
Doesn't support 2FA: LemmyNet/lemmy#1434
Can somebody reopen this issue? Lemmy still does not have 2FA, and the user who opened it has been deleted. |
Description
I believe you are already aware about what I am trying to suggest here. 2FA plays a major role in improving the security of an account on Social Media sites (nowadays, it is very much needed on every platform which has accounts). 2FA using a third party mobile app like Aegis, AndOTP, Google Authenticator, Authy etc is a very good security feature imo. Reddit also has it and it would be really nice to see it on Lemmy.
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
The text was updated successfully, but these errors were encountered: