Code.videolan.org unusable since 2FA

Discussion about forum rules, new moderators, website content, website layout, VideoLAN artwork etc..
Forum rules
Please read the forum's rules carefully before posting. This forum should not be used to post VLC usage related questions.
Rancid
New Cone
New Cone
Posts: 4
Joined: 08 Aug 2018 12:23

Code.videolan.org unusable since 2FA

Postby Rancid » 08 Aug 2018 12:27

Am unable to use code.videolan.org as only 2FA screen accessible.
I do not use 2FA
Is there any other way?

User avatar
InTheWings
Developer
Developer
Posts: 1275
Joined: 07 Aug 2013 13:15
VLC version: crashing
Operating System: Linux
Contact:

Re: Code.videolan.org unusable since 2FA

Postby InTheWings » 08 Aug 2018 12:37

:!: If you want your problem to be solved :
* First read troubleshooting guide VSG:Main
* Always provide verbose LOGS ! (command line or from gui)
* Always check your issue against a developer build from Nightly Build of VLC
* Tell us when your problem is solved !

Rancid
New Cone
New Cone
Posts: 4
Joined: 08 Aug 2018 12:23

Re: Code.videolan.org unusable since 2FA

Postby Rancid » 08 Aug 2018 13:20

andOTP worked.
FreeOTP, as suggested in the link you posted did not work, as was unable to enter key manually.
How to scan qr code when on phone, just stupid.

Stef_An
Blank Cone
Blank Cone
Posts: 38
Joined: 13 Apr 2018 23:50

Re: Code.videolan.org unusable since 2FA

Postby Stef_An » 23 Jun 2021 00:20

andOTP worked.
I know, that this is a workaround, but it works: I successfully used oathtool in Linux to create a 6 digit PIN from the long code on the 2FA setup page. The whole article about it is here:

https://www.cyberciti.biz/faq/use-oatht ... ation-2fa/

At the end, all you need is a command like oathtool -b --totp 'N3V3R G0nn4 G1v3 Y0u Up' and it generates your PIN. The only problem - it works just for the current session. So after logoff, on the next logon, one have to repeat the PIN generation. But on the bright side: one don't have to install some extra software on the phone or somewhere else.

On Windows, WinAuth should do the trick.

Stef_An
Blank Cone
Blank Cone
Posts: 38
Joined: 13 Apr 2018 23:50

Re: Code.videolan.org unusable since 2FA

Postby Stef_An » 06 Jul 2021 14:29

I know, that this is a workaround, but it works:
Afterwards, I found this solution on the wiki.

So now one has 3 possibilities:
  1. As in the wiki, just save the long code from the right of the QR code and use it with oathtool to manually generate the PIN every time one needs it.
  2. Use some full-GUI solution like OTPClient on Linux or WinAuth on Windows or Linux (here with wine). One can create a local saved database and let the PIN be generated every time one needs it. There is no need to install some extra software on the PC or smartphone and sign-up for another account on another service. And the data is saved locally, not in some cloud. One has to, on the other side, setup such database on every device, where one likes to log in into the GitLab of the VLC.
  3. As a deviation from the both other scenarios: one just deactivates 2FA every time before one logs off on the GitLab. This way, next time after the log-in, one would be asked to set up the 2FA again and would be once again shown the long code to create a PIN. There is no need to save any information locally. One just uses some program, GUI or not, to generate the PIN as in the set-up step. But: don't forget to deactivate the 2FA, if you don't save the code(s)!
In any scenario: save the recovery codes, for the case you lose the code or need them otherwise. And: either save the code right to the QR code in some file/program database or on the paper, or don't forget to deactivate the 2FA before logout.

bsduck
New Cone
New Cone
Posts: 1
Joined: 29 Apr 2022 00:43

Re: Code.videolan.org unusable since 2FA

Postby bsduck » 29 Apr 2022 01:42

Hello,

I've been reporting bugs for years to numerous free software projects.
I don't remember ever having trouble to complete that basic task. Until today.

Two-factor authentification. Please, what's this bad joke?
I've never seen such a cumbersome process to access a bug tracker.
I don't have a phone connected to the internet and I lost half an hour just to find a way to validate my account.

Most people merely want to report issues, they're not asking for commit rights to your repositories.
If you want 2FA for your developer zone, then please create a dedicated bugzilla outside it for us mere mortals.
Otherwise you'll inevitably miss valuable user feedback.

Thank you.


Return to “Forum, Website and Artwork discussion”

Who is online

Users browsing this forum: No registered users and 1 guest