13
What happened to my 2FA? (lemmygrad.ml)
submitted 2 days ago by PoY@lemmygrad.ml to c/hexbear@hexbear.net
7 comments fedilink hide all child comments

Suddenly today I'm not able to sign into Hexbear because it keeps telling me my 2FA code is incorrect. Nothing on my end has changed at all and my 2FA is done through BitWarden automatically. If I try more than 2 times to sign in it blocks me for over an hour from even attempting to sign in. I can't figure out wtf email address I used to sign up so I can't even reset the password. Halp! am @peeonyou on hexbear

top 7 comments
sorted by: hot top controversial new old
[-] BoarAvoir@hexbear.net 2 points 7 hours ago

Hi, thank you for reporting this issue! sorry it's taken a bit to work its way to the relevant people. It should be working now, assuming you are not currently rate limited and you don't require multiple retries to get the 2fa code right.

a little inside baseballSo the issue is, lemmy doesn't have super granular controls on various API rate limits, there are only like 7 categories but there are many more API endpoints than that. For reasons I cannot fathom, the /login endpoint uses the same rate limit as the /register endpoint (for applying for a new account), which we keep pretty low to prevent registration spam, etc.

In addition, 2FA logins require 2 calls to /login, since the first one has to come back with a response telling the page to display the 2fa prompt, and then a second request is sent with the 2FA code.

Long story short, there was recently an attempted "raid" of the site by some trolls, and in preparation the /register rate limit was lowered further than normal, to only 1 per hour. This had the unintended effect of making 2FA logins impossible, and has now been increased. In future our devs may change the login rate limit to not track /register, but for now 2FA should be working again, though if you mis-type the code you may get rate-limited for an hour until a more permanent fix is in place.

[-] PoY@lemmygrad.ml 1 points 16 hours ago* (last edited 16 hours ago)

Hexbear really needs to have a way to reach the site admins without logging in... i still can't login and I can't seem to reach anyone who could do anything about it either.

[-] Chronicon@hexbear.net 1 points 7 hours ago* (last edited 7 hours ago)

matrix should work. Or since you're logged in to a lemmy account now you could ping some admins in a comment or DM them.

They used to have emails listed I thought but now can't find any, and really that might be for the best for opsec. It's somewhat annoying that matrix accounts linked in user profiles don't show up when the viewer isn't lgged in though.

https://matrix.to/#/@carc0sa:chapo.chat is seemingly the most active admin

I'm also having 2fa issues on an alt.

[-] AshenWolf@hexbear.net 2 points 1 day ago* (last edited 1 day ago)

I am having the same issue logging in on another browser.

[-] PoY@lemmygrad.ml 2 points 1 day ago

as crappy as it is, im glad it's not just me, thank you!

[-] Dirt_Owl@hexbear.net 3 points 2 days ago

I peed on it

[-] PoY@lemmygrad.ml 2 points 2 days ago

how DARE you!

this post was submitted on 20 Dec 2024
13 points (100.0% liked)

hexbear

10297 readers
84 users here now

Hexbear Proposals chapo.chat matrix room.

This will be a place for site proposals and discussion before implementation on the site.
Every proposal will also be mirrored into a pinned post on the hexbear community.

Any other ideas for helping to integrate the two spaces are welcome to be commented here or messaged to me directly.

Within Hexbear Proposals you can see the history of all site proposals and react to them, indicating a vote for or against a proposal.

Sending messages will be restricted to verified and active hexbear accounts older than 1 month with their matrix id in their hexbear user profile.

All top level messages within the channel must be a Proposals (idea for changing the site), Feedback (regarding non-technical aspects of the site, for technical please use https://hexbear.net/c/feedback), or Appeals (regarding admin/moderator actions).

Discussion regarding these will be within nested threads under the post.

To gain matrix verification, all you need to do is navigate to my hexbear userprofile and click the send a secure private message including your hexbear username.

founded 4 years ago
MODERATORS
Ryaina@hexbear.net
ella@hexbear.net
CARCOSA@hexbear.net
sweet_pecan@hexbear.net