There is a bug in 2FA in Lemmy. In every implementation of TOTP, the account is not locked under 2FA until the server verifies at least one TOTP password. In Lemmy, if the user is unable to set up 2FA on his device, and quits the session, he is locked out of his account.
Caribou
joined 1 year ago
I did lock myself out, and I had to set up a new account. I hope the developers fix this. Furthermore, I am scared of setting up TOTP now.