6
If you go into your account settings you'll see a shiny new 2FA setup option. Once you check the box and reload there will be a button to there link your default 2FA application.
Now for Safari users on macOS who don't use Apple Keychain for your 2FA but rather a 3rd party app like 1Password or Bitwarden things are a little tricky. In order to get around linking it directly to Keychain you can right click the 2FA link and choose "inspect element." Scroll down slightly and you'll see that element highlighted in the new element window. Right click the highlighted area and select "copy link." That's the 2FA code which you can then paste in any 3rd party password manager.
Yes. Lemmy 2FA uses SHA256 TOTP digests, which are newer (and better) than the SHA1 digests used as default by most authenticator apps.
Critically, Lemmy will not have you verify that the generated TOTP code works before locking it in, nor will it give you backup codes.
You should check the documentation of your authenticator app to see if any changes need to be made in the app prior to adding Lemmy 2FA.
If your app only supports SHA1, or you fail to follow your app's procedures to add an SHA256 digest, and you add the 2FA token generated by Lemmy, you're not getting back into that account.
Link to GitHub issue about this