The 2FA enrollment process in Lemmy isn’t great at best, unintuitive and confusing at worst. Here I’ll show the process to enroll from a desktop PC. The process on mobile will be different. Throwing this together quickly, hopefully no errors/omissions…

As a precaution open a second browser, log in there before starting. Just in case you encounter issues and need to disable 2FA.

I’d only suggest progressing with this if you’re comfortable to do so, Lemmy does not currently provide backup 2FA codes.

  1. Log into your account, go to your account settings:

  2. Scroll to the very bottom of your settings, locate the “Set-up 2-factor authentication tickbox”:

  3. Tick the “Set-up 2-factor authentication tickbox”, note the popup at the bottom:

  4. THIS IS THE POINT OF NO RETURN. Once you click the “Save” button, 2FA is enabled and you’ll be unable to log in without it functioning. If you encounter issues, tick the “Remove 2-factor authentication” and click save again.
    When you click Save you should be scrolled to the top of the page. Scroll back to the bottom, you should see the button is still ticked, but nothing else has changed:

  5. Click refresh in your browser, or hit F5. The page will reload. Scroll to the bottom of the page again. You should now see a “2FA installation link” button/link.

  6. Right click the “2FA installation link” button/link:

  7. Click “Copy link address” and paste it into a text editor, you’ll see something similar to this:
    otpauth://totp/Aussie%20Zone:guineapig?secret=GFQWIYTCHEYTIYJWHA4WMZTEMQ2GIZBRGU4WCZLGGRTDQMZZGM2GKN3DMVQTONBS&algorithm=SHA256&issuer=Aussie%20Zone

What you’ve pasted is the TOTP Key URI that can be used by many 2FA applications. Unfortunately this is unwieldy to copy around, so we’re going to generate a QR code that you can scan on your phone.

  8. Open a NEW tab, and browse here. Scroll down to this field:

  9. This page uses JavaScript within your browser to generate QR codes from the information you provide. You are NOT sending your data to the remote server.
    Paste your TOTP Key URI from step 7 into this field. It should update the fields above it and change the QR code below:

  10. Use your favourite 2FA app to scan the provided QR code to start generating TOTP codes. If you have Bitwarden premium you can simply copy that string into the “Authenticator Key (TOTP)” field.

Any questions please ask.

  • Treevan 🇦🇺@aussie.zone
    1 year ago

    My desktop just died so I’m going all in on mobile, but I’ll use the PWA. I’ll have to skip the QR code.

    Edit: Skipping that was fine. I put it directly into Aegis and it works, just copy pasting the secret rather than the link. Making sure to change the encryption from default to SHA256.

    Edit 2: Another note. I just tried it on my partner’s phone to make the QR code method and the lines above Line 7 on your Generator Link did NOT propagate the info. The QR code changed (could just see the top part) even though it appeared nothing happened in the other lines and it still worked in Aegis.

    • Lodion 🇦🇺@aussie.zoneOPM
      1 year ago

      The QR code changed (could just see the top part) even though it appeared nothing happened in the other lines and it still worked in Aegis.

      That’s weird. Glad it worked for you.

      • Treevan 🇦🇺@aussie.zone
        1 year ago

        The guide was good.

        Doing the QR code was extra to see how it worked so if someone else has that issue, don’t fret! Aegis was a simple username, instance, secret, sha256.

  • UncleClerk@aussie.zone
    1 year ago

    I had an issue on iOS with 2FA installation link/button not appearing when the box is ticked. This is fixed by requesting desktop mode in the browser.