Warning: Some posts on this platform may contain adult material intended for mature audiences only. Viewer discretion is advised. By clicking ‘Continue’, you confirm that you are 18 years or older and consent to viewing explicit content.
The 2FA process itself - both initial setup and use with an OTP provider - has worked consistently for me so far.
The instruction in the interface is misleading and I’m not the only one who locked himself out as a result. The Mastodon devs merged my pull request to clarify the instruction (including my mistake of saying “oauth” instead of “otpauth”) astonishingly quickly.
If I may be constructively critical, we should expect to provide provide at least some minimal evidence to justify claims such as one that something doesn’t work, even if only as a link to discussion or evidence. This expectation increases when it’s accompanied by advice or instruction, especially when such advice is counter to advice which is generally accepted as “good”.
As @[email protected] mentions, a more serious problem of password reset via email disabling 2FA offers a workaround for now in at least some cases.
The 2FA process itself - both initial setup and use with an OTP provider - has worked consistently for me so far. The instruction in the interface is misleading and I’m not the only one who locked himself out as a result. The Mastodon devs merged my pull request to clarify the instruction (including my mistake of saying “oauth” instead of “otpauth”) astonishingly quickly.
If I may be constructively critical, we should expect to provide provide at least some minimal evidence to justify claims such as one that something doesn’t work, even if only as a link to discussion or evidence. This expectation increases when it’s accompanied by advice or instruction, especially when such advice is counter to advice which is generally accepted as “good”.
As @[email protected] mentions, a more serious problem of password reset via email disabling 2FA offers a workaround for now in at least some cases.