Regenerate 2FA for Arch Linux gitlab

graysky · 2024-11-17 21:25:29

I replaced my mobile with a new one and need to register lastpass with Arch Linux SSO for use with the gitlab bug tracker. Is there a link detailing the steps to setup my account within a 2FA app such as lastpass? I did not see anything on the wiki nor via ddg searching.

Last edited by graysky (2024-11-17 21:25:57)

progandy · 2024-11-17 21:59:51

It is a standard keycloak instance with TOTP.

You should be able to add authenticator apps here:
https://accounts.archlinux.org/realms/a … signing-in

First, you need to sign in with your password and your old otp, then follow the steps displayed on the page.

Mobile Authenticator Setup
Warning: For security reasons, we may not be able to restore access to accounts with two-factor authentication enabled if you lose your two-factor authentication credentials. For this reason, it is highly recommended that you backup your credentials.
Install one of the following applications on your mobile:
Android
Aegis
andOTP
FreeOTP+
iOS
Authy
LastPass Authenticator
OTP Auth
PC
Having the second factor on the same device reduces the security it provides
Wiki Article
Open the application and scan the barcode:
Figure: Barcode
Unable to scan?
Enter the one-time code provided by the application and click Submit to finish the setup.
Provide a Device Name to help you manage your OTP devices.

graysky · 2024-11-17 22:08:32

Thanks for the reply. The issue is that none of my profiles got migrated to the new mobile so I have no OTP generating by LastPass Authenticator.

seth · 2024-11-17 22:23:03

Did you backup the TOTP token somewhere else? Do you still have the old phone? Or maybe a screenshot of the QR code gitlab holds into your face?

Otherwise you'll need admin intervention, you can send a mail "My dog ate my TOTP device" to "accountsupport æt archlinux døt org"

graysky · 2024-11-17 23:25:17

Thanks Seth. No, I haven't needed that app for a few months now and the old phone is long gone.

seth · 2024-11-17 23:35:08

Keep a backup of the QR code or qrdecode it and backup the string, https://bbs.archlinux.org/viewtopic.php … 6#p2175636

TOTP is just a symmetric key (yes, the thing everyone freaks out about "they stored the passwords and not just hashes???") that's then hashed w/ a time bracket so you only have to enter a short number - all of which is insanely dumb, so it's hidden behind QR codes and apps and whatnot because if people would see what it actually is, they'd all be slapping their faces naked gun style…

Arch Linux

#1 2024-11-17 21:25:29

Regenerate 2FA for Arch Linux gitlab

#2 2024-11-17 21:59:51

Re: Regenerate 2FA for Arch Linux gitlab

#3 2024-11-17 22:08:32

Re: Regenerate 2FA for Arch Linux gitlab

#4 2024-11-17 22:23:03

Re: Regenerate 2FA for Arch Linux gitlab

#5 2024-11-17 23:25:17

Re: Regenerate 2FA for Arch Linux gitlab

#6 2024-11-17 23:35:08

Re: Regenerate 2FA for Arch Linux gitlab

Board footer