PieFed Meta

2013 readers

32 users here now

Discuss PieFed project direction, provide feedback, ask questions, suggest improvements, and engage in conversations related to the platform organization, policies, features, and community dynamics.

Wiki

founded 2 years ago

MODERATORS

rimu@piefed.social

Request to add TOTP 2FA authenticator support in Piefed (piefed.world)

submitted 2 weeks ago by punrca@piefed.world to c/piefed_meta@piefed.social

14 comments fedilink hide all child comments

On PieFed World v1.1.7-13-ge3e624cc, currently only Passkeys and OAuth authentication is supported in the settings. I'm not sure if Piefed Social latest v1.3.6 version supports TOPT 2FA or if this issue is only pertaining to Piefed World instance.

If this feature is missing, kindly add a new feature to support TOPT 2FA based authentication. Thanks...

you are viewing a single comment's thread
view the rest of the comments

[–] sga@piefed.social 4 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

I am actually surprised why it is not already there? Please correct me if I am wrong, but is not totp like easier to implement than the other oauths listed? (iirc, it has something to with current seconds since epoch, some integer divide by 30 (or 60) and a cipher, and that is part of pair or something)

I tried to lookup, and found https://pyauth.github.io/pyotp/. I do not know what is piefed's policy on using readymade libraries (i know they are really lean on stack, but if i am not wrong, this library would be really light, and will likely just need a database to store the key (likely the passwords db)

here is the src code for above lib - https://github.com/pyauth/pyotp

[–] Blaze@piefed.zip 9 points 2 weeks ago

I am actually surprised why it is not already there?

Because nobody requested it.

Personal feeds, APIs for the mobile apps, mechanisms to deal with spammers, instance filters, all of those were requested and got delivered.

I am happy with the passkey option, I assume other people too.

[–] asudox@lemmy.asudox.dev 3 points 2 weeks ago (1 children)

It's very easy to implement. I am also questioning why this isn't a thing already.

[–] Blaze@piefed.zip 8 points 2 weeks ago (1 children)

Because nobody requested it.

Personal feeds, APIs for the mobile apps, mechanisms to deal with spammers, instance filters, all of those were requested and got delivered.

I am happy with the passkey option, I assume other people too.

Also I remember Lemmy 2FA causing some issues at the beginning, locking people out of their accounts.

[–] asudox@lemmy.asudox.dev 2 points 2 weeks ago (1 children)

Fair.

But with the simplicity of TOTP, I would expect it whenever there is 2fa in a service. Plus passkeys are not as widely used or even known as TOTP.

Also I remember Lemmy 2FA causing some issues at the beginning, locking people out of their accounts.

Oh yes, that did happen. But it was the fault of the Lemmy devs, not because "TOTP is bad and hard".

[–] Blaze@piefed.zip 5 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Again, until now, nobody brought it up

1.3 has 32 issues : https://codeberg.org/rimu/pyfedi/projects/20953
1.2 had 40: https://codeberg.org/rimu/pyfedi/projects/19472

Nobody brought it up during the 2025 roadmap prioritisation: https://codeberg.org/rimu/pyfedi/projects/30813

You can already see in 1.5 issues for the API endpoints for the feeds : https://codeberg.org/rimu/pyfedi/projects/30813 . I would personally prefer those to be prioritized over TOTP , especially as passkeys are already available, but in the end rimu will judge.

[–] asudox@lemmy.asudox.dev -1 points 2 weeks ago

aight, whatever you say