• Activity
  • Votes
  • Comments
  • New
  • All activity
    • Showing only topics in ~tildes with the tag "2fa". Back to normal view / Search all groups

    1. What to do if I've lost my 2FA?

      Ask
      My phone abruptly died, and it turns out I did not back up my 2FA codes. I have 2FA turned on for Tildes, and while I am still logged in, I can't turn off 2FA without 2FA, so if I ever have to log...

      My phone abruptly died, and it turns out I did not back up my 2FA codes. I have 2FA turned on for Tildes, and while I am still logged in, I can't turn off 2FA without 2FA, so if I ever have to log in again I'm screwed. I didn't save backup codes, of course, because I'm a fool (and I never figured out a good/safe way to store backup codes somewhere different than my password manager). What should I do?

      I went into "Set up account recovery" in my personal settings, and I entered in my email address there. It says that if I can send and receive email from that address, I will be able to reset my password. But I already have a working password, what I don't have is working 2FA. Would a password reset do anything useful in my situation?

      If there is nothing anyone can do at this point, how should I use my remaining time on this doomed Tildes account?

      UPDATE: Admin turned off 2FA for me, so this account is no longer doomed. Thank you!

      21 votes

    3. 2FA not working?

      Ask
      tildes.net isn't accepting my 2FA codes on login. I used a recovery key and disabled 2FA, but now I can't re-enable it for the same reason (I generate a code with the new secret key given but it...

      tildes.net isn't accepting my 2FA codes on login. I used a recovery key and disabled 2FA, but now I can't re-enable it for the same reason (I generate a code with the new secret key given but it gets rejected). I've checked on other sites and it doesn't seem to be a problem with generated 2FA codes on my end, leading me to believe something may be misconfigured on the server (maybe the tildes.net system clock is off or something?).

      Anyone else experiencing this?

      Edit: Still not really sure why I couldn't get it to work initially, but after giving it some time the problem went away.

      4 votes

    4. Could security key 2FA be implemented on Tildes?

      Text 36 words
      I am wondering if this could be implemented as a 2FA method on Tildes. Although not super mainstream, I think it is the gold standard for account security. Is there anyone else interested in this...

      I am wondering if this could be implemented as a 2FA method on Tildes. Although not super mainstream, I think it is the gold standard for account security. Is there anyone else interested in this option?

      8 votes

    5. Two-factor authentication is now available

      ~tildes.official Text 232 words
      Another excellent open-source contribution has been deployed today - @oden has added two-factor authentication support (via TOTP apps like Google Authenticator). Here's the code, if anyone wants...

      Another excellent open-source contribution has been deployed today - @oden has added two-factor authentication support (via TOTP apps like Google Authenticator). Here's the code, if anyone wants to take a look.

      If you want to set it up for your account, the link is available on the settings page. If you do, please please please write down or store the backup codes that it gives you after you enable it. If your phone dies or you otherwise lose access to your 2FA device, you won't be able to recover access to your Tildes account.

      On that note, I wanted to ask for input about whether I should be willing to bypass 2FA for people if they've set up the email-based account recovery. People will lose access to their 2FA device and not have the backup codes, and I don't know if just telling them that I can't help them is truly the best thing to do. Allowing it to be bypassed does lower the security, but sometimes it's a reasonable trade-off. One possibility is adding a security option that people could enable for maximum security, like "Do not bypass 2FA for me under any circumstance, I promise that I've kept my backup codes".

      Let me know what you think about that, as well as if you have any concerns or notice any issues with the feature. Thanks again, @oden!

      74 votes

    6. 2-factor authentication

      Text 76 words
      A lot of the newer websites and services now offer 2FA so I was wondering if Tildes has any plans to do that? No idea how hard it would be to implement but I feel like that would be a welcome...

      A lot of the newer websites and services now offer 2FA so I was wondering if Tildes has any plans to do that? No idea how hard it would be to implement but I feel like that would be a welcome addition for many people.

      I'd also be happy to hear people's thoughts on this an if you guys think the website actually needs this. In my mind more security is always better than less security.

      36 votes