12
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 26 Jul 2023
12 points (100.0% liked)
Lemmy Support
4651 readers
20 users here now
Support / questions about Lemmy.
founded 5 years ago
MODERATORS
I believe the issue is that Lemmy expects the codes to be generated using the SHA256 algorithm, while most generator apps use SHA1.
Ahhh, thanks! After closer inspection of the link
otpauth://totp/lemm.ee:randint?secret=[redacted, 64 characters]&algorithm=SHA256&issuer=lemm.ee
, it does indeed specify SHA256. Looks like Authy just uses SHA1 regardless. Maybe I should switch back to GAuthenticator, but you know, Google...If twilio doesn't work but you don't want to use Google, try Aegis or Bitwarden. Both available on f-droid. For totp on Bitwarden you either need to self-host the database using vaultwarden or pay for the pro version.
Thanks for the suggestions. I already use BitWarden, but I use the free tier and sadly self-hosting is not really an option for me (for now). I decided to use Authenticator Pro as suggested by @isolatedscotch@discuss.tchncs.de, and I'll import the accounts maybe this weekend.
By the way I think I should clarify that I'm not a libre extremist trying to avoid everything Google (yet. maybe I'll become one in the future) I just want to slowly move away and also not start using Google services that I don't already use.
Understandable, best of luck if you want move to the "libre extremist" side. It is a very liberating experience :)
LastPass Authenticator can use SHA256, it works for logging in to my Lemmy instance. And you can use the app independently of LastPass, keeping everything on your device.
There are some other authenticator apps out there, fully open source, offline, and that support sha256.
I found Authenticator Pro to have the best ui, but many people also use andOTP because it has more features.
Thanks! I'm gonna try out Authenticator Pro.