this post was submitted on 10 Jul 2023
92 points (96.9% liked)

Lemmy.ca's Main Community

2820 readers
1 users here now

Welcome to lemmy.ca's c/main!

Since everyone on lemmy.ca gets subscribed here, this is the place to chat about the goings on at lemmy.ca, support-type items, suggestions, etc.

Announcements can be found at https://lemmy.ca/c/meta

For support related to this instance, use https://lemmy.ca/c/lemmy_ca_support

founded 4 years ago
MODERATORS
92
Lemmy.world is compromised (talk.kururin.tech)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

They been redirecting to lemon party and some weird video. Do not go to the website. This is the admin that been hacked:

EDIT: lemmy.blahaj.zone also compromised!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 year ago (2 children)

Is there a way to not do email verification but still using 2FA? That way, even if a user's account is somehow phished/compromised, it won't compromise their other accounts.

[–] [email protected] 3 points 1 year ago

I just successfully set up 2FA for an account on another instance that doesn't have a verified email without any issues, so there's no need to have done email verification to use 2FA.

[–] [email protected] 1 points 1 year ago

Absolutely you can do no phone/email and MFA. It's a TOTP thing like Google or Microsoft authenticator. The service doing the authentication has no idea how it's done on the other side, it just makes sure the codes match.