How could 2FA be disabled if you need 2FA in order to login to disable it and my free OTP+ is biometric protected?

  • MrKaplan@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    ·
    3 months ago

    This was unfortunately an error on our end.

    Please bear with us while we work on resolving this situation.

    • MrKaplan@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      3 months ago

      2FA has been restored for all LW users that had it enabled before and didn’t reactivate it on their own since.

      There will be an announcement posted later on explaining what happened.

      edit: announcement is out: https://lemmy.world/post/18503967

  • Dark Arc@social.packetloss.gg
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    3 months ago

    Going to need a lot more context than that.

    I’m sure site admins could just clear the 2FA field if they wanted. Would they? IDK, probably not unless they had good reason.

    Could someone steal your session information and disable your 2FA with that? Yeah, but I doubt they did, you’d have to have your system compromised or some kind of cross site scripting.

    Did you use any shady lemmy clients?

    etc

    • Lightscription@lemmy.worldOP
      link
      fedilink
      arrow-up
      1
      ·
      3 months ago

      This is what I thought. I keep telling people they don’t exclusively own their passwords / security tokens once they give it to a site. Salted hashes to obscure the pw don’t even matter since the admin could also bypass that. Tanks for the validation.

    • Lightscription@lemmy.worldOP
      link
      fedilink
      arrow-up
      2
      ·
      3 months ago

      This is what I thought. I keep telling people they don’t exclusively own their passwords / security tokens once they give it to a site.

      If I shared encrypted info that I kept encrypted, I guess it would still be mine but no one could then read it.