TL;DR: Lemmy generates SHA-256 TOTP digest which may be unsupported by some authenticator apps. https://github.com/LemmyNet/lemmy/issues/3309#issuecomment-1605259241 Thanks to this it may seem the authenticator is set up, yet it won't generate correct tokens.
When lemmy.sdf.org got updated to version 0.18.0, the first thing I did was that I set up 2FA. Or so I thought. I went to settings, checked "Set up 2-factor authentication", clicked save, and then clicked on the installation button which opened up the authenticator app I use, Cisco DUO. I saved it, and seeing that it was generating codes, I thought "Good".
Today I wanted to log into Lemmy on my laptop. I enter username and password, and get prompted for TOTP token. I take my phone and get the token from Cisco DUO authenticator, type it into the TOTP field, and it doesn't work. So I tried again, and again, and again,... I see. It doesn't work.
I went on the internet to search for the issue, and found the comment mentioned above and this request on GitHub.
Thankfully I was still logged in on my phone and I was able to remove 2FA.
Who knows, but there may already be bunch of people who won't be able to reply. Rest in peace.
Even more strange is the use of DUO voluntarily. Can I ask why? I'm guessing work or a limited OpenVPN setup?
Originally I just wanted to set up 2FA on NetAcad and this is what they recommended, and I liked the UI more than Google Authenticator.
It works, and allows backups. Since I originally wanted to use it just for NetAcad, I didn't care. And I still don't see any problems with it. Or, well, now I do.