Lemmy's initial implementation of 2FA is not that straightforward and users can easily lock themselves out of their accounts. Please be careful if you decide to enable 2FA.
I personally suggest avoiding 2FA for now until it's working more consistently. There are several feature requests to force confirmation that a 2FA code is working before 2FA is enabled, and those are a bare minimum before this feature is functional.
If your account is locked out due to 2FA issues, please email [email protected] and include 2FA Lockout in your email subject.
2FA Setup Process
DO NOT LOG OUT AT ANY POINT DURING THIS PROCESS UNTIL AFTER YOU'VE VERIFIED THAT YOUR 2FA KEYS WORK VIA STEP #8!
1. Click your Username in the top right of the site and select Settings.
2. Scroll to the bottom of the page and check the Set up 2-factor authentication box.
3. You should see the following alert pop up at the bottom of the screen:
4. The page will not automatically refresh. You will need to refresh it manually.
5. After a page refresh, you will see a new button at the bottom of Settings:
6. Clicking on this link does nothing. You need to right-click and copy the link to get your OTP secret key. Your clipboard should now have a URL in it that looks like this: otpauth://totp/Citizens%20Gaming:Test?secret=THISWILLBEWHEREYOURSECRETKEYWILLBE&algorithm=SHA256&issuer=Citizens%20Gaming
7. Depending on the app you use, you'll either need to paste the entire URL, or just the secret key, into the manual setup fields of that app.
8. Open an incognito browser and attempt to log into your account. You should be prompted for your 2FA code during login. If it works, you're good to go.
If 2FA is not allowing you to log in, go back to your main browser window and disable 2FA via the Settings page. Wait for updates and try again in a few months.
Yeah I would honestly just wait until there are some improvements. I'm going to upgrade the instance to 0.18.2 tonight and I'll test it again after that.
After the 0.18.2 upgrade, 2FA seems to be working ok (I tested with Aegis). Just follow the directions above closely and don't log out until you've confirmed you can log in via an incognito window.
If you enable 2FA, you'll have to enter the code every time you log in, so just be aware of that. There's no caching for a month or year or whatever.