When I followed the instructions shown when selecting “Set up 2-factor authentication”, there’s a pop-up that says to reload the page. When I did that I was immediately signed out and was unable to log back in without a 2FA key.
Click ‘Save’, then manually reload this page, scroll down and use the ‘2FA installation link’ to obtain the oath URL for your authenticator.
From a user interface perspective, it’s a pretty bad implementation. Really not dissing the devs here, as they have been doing an awesome job and and getting so much done in a short space of time with the massive new user load.
There is a reason that it is common practice to force a user to verify that they have TOTP (2fa) set up correctly by requiring them to enter the current 6 digit number to enable it. Otherwise it’s way too easy for users to lock themselves out.
I just tried it again and replicated the issue from my desktop. From my iPad, when I refreshed the settings page there was a button to get a 2FA link and below that the option to remove 2FA. I’m too nervous to actually try and set up 2FA at this point.
