nilsbraden
commented
4 years ago Erm... Actually 2FA in Tiny Tiny RSS does not cover the API access and in this issue here it's stated that this is by design: https://community.tt-rss.org/t/bug-api-bypasses-two-factor-authentication/1149
I belive you can't change any settings/users/passwords with the API so worst case is feeds get added or removed or marked things can get lost. Doesn't sound too bad to me but depends entirely on your use-case. I don't really know why the dev chose to leave the API "open" though.
The app works great! LOVE it!! Unfortunately, due to a recent security breach, I've had to enable two factor authentication on all of the services on my server. This means I'm stuck with just the web interface. Adding 2FA support would transform an already fantastic app into a superior one! Thanks again for all your hard work!