this post was submitted on 10 Jul 2023
64 points (100.0% liked)
Lemmy.ca's Main Community
45 readers
1 users here now
Welcome to lemmy.ca's c/main!
Since everyone on lemmy.ca gets subscribed here, this is the place to chat about the goings on at lemmy.ca, support-type items, suggestions, etc.
Announcements can be found at https://lemmy.ca/c/meta
For support related to this instance, use https://lemmy.ca/c/lemmy_ca_support
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Is there a way to not do email verification but still using 2FA? That way, even if a user's account is somehow phished/compromised, it won't compromise their other accounts.
Absolutely you can do no phone/email and MFA. It's a TOTP thing like Google or Microsoft authenticator. The service doing the authentication has no idea how it's done on the other side, it just makes sure the codes match.
I just successfully set up 2FA for an account on another instance that doesn't have a verified email without any issues, so there's no need to have done email verification to use 2FA.