Request to add TOTP 2FA authenticator support in Piefed
On PieFed World v1.1.7-13-ge3e624cc, currently only Passkeys and OAuth authentication are supported in the settings. I’m not sure if Piefed Social latest v1.3.6 version supports TOTP 2FA or if this issue is only pertaining to Piefed World instance.
If this feature is missing, kindly add a new feature to support TOTP 2FA based authentication. Thanks…
I am actually surprised why it is not already there? Please correct me if I am wrong, but is not TOTP like easier to implement than the other OAuths listed? (IIRC, it has something to do with current seconds since epoch, some integer divide by 30 (or 60) and a cipher, and that is part of a pair or something.)
I tried to look it up, and found https://pyauth.github.io/pyotp/. I do not know what PieFed’s policy is on using ready-made libraries (I know they are really lean on stack, but if I am not wrong, this library would be really light, and will likely just need a database to store the key (likely the passwords db)).
Here is the source code for the above lib: https://github.com/pyauth/pyotp
Because nobody requested it.
Personal feeds, APIs for the mobile apps, mechanisms to deal with spammers, instance filters, all of those were requested and got delivered.
I am happy with the passkey option, I assume other people too.
It’s very easy to implement. I am also questioning why this isn’t a thing already.
Because nobody requested it.
Personal feeds, APIs for the mobile apps, mechanisms to deal with spammers, instance filters, all of those were requested and got delivered.
I am happy with the passkey option, I assume other people too.
Also I remember Lemmy 2FA causing some issues at the beginning, locking people out of their accounts.
Fair.
But with the simplicity of TOTP, I would expect it whenever there is 2FA in a service. Plus passkeys are not as widely used or even known as TOTP.
Oh yes, that did happen. But it was the fault of the Lemmy devs, not because “TOTP is bad and hard”.
Again, until now, nobody brought it up:
- 1.3 has 32 issues: https://codeberg.org/rimu/pyfedi/projects/20953
- 1.2 had 40: https://codeberg.org/rimu/pyfedi/projects/19472
Nobody brought it up during the 2025 roadmap prioritisation: https://codeberg.org/rimu/pyfedi/projects/30813
You can already see in 1.5 issues for the API endpoints for the feeds: https://codeberg.org/rimu/pyfedi/projects/30813. I would personally prefer those to be prioritized over TOTP, especially as passkeys are already available, but in the end rimu will judge.
aight, whatever you say
I just got my piefed account started and TOTP 2FA was one of the first things I went searching for.
I saw the other options but they are unfamiliar to me as I’ve never used them.
Welcome to Piefed!
Thanks … it feels a bit like a very small club at the moment but it’s neat to be here and see something new grow.
Nice to be here!
Feel free if you have any questions!
Deleted by moderator
Seems like this interview of Rimu comes at just the right time!
https://piefed.ca/c/piefed_meta/p/370219/a-peak-at-piefed
https://video.fedihost.co/videos/watch/e63cc1e0-b35f-4afd-9a1c-d419bc44c06d
Thanks for this, I had to take time to be able to watch the full video. Great talk and I enjoyed being able to listen to the lead developer … but it was a bit strange to just turn on an interview video without knowing who anyone was or even have any of them introduce themselves properly.
It was still good and I left a detailed comment on the piefed.ca ‘a peak at piefed’ post ….
https://piefed.ca/comment/2496066
TOTP really is not a good idea nowadays. I’d rather see WebAuthn. It’s modern and actually efficiently protects against many things TOTP is supposed to protect against and even more threat vectors.