Jump to content
Kytten Lebed

It is time for Linden Labs to put in two factor authentication

Recommended Posts

53 minutes ago, Fionalein said:

PS: can we play buzzword bingo with your posts? Plea-ease? :SwingingFriends:

Could do,  It makes no difference to me. :)

On the other hand, as an educational exercise for those who believe that a truck load of blank cards can be made into valid ones, there's enough information there to allow a little bit of Googling, to discover that their previous understanding was built on sand.

 

  • Haha 1

Share this post


Link to post
Share on other sites
1 hour ago, Fionalein said:

PS: can we play buzzword bingo with your posts? Plea-ease? :SwingingFriends:

There's nary a mention of "blockchain" and it's so hard to get BINGO without it.

Also no mention anywhere in the thread of WebAuthn which would be a superb buzzword for this context. Jus' sayin'.

Modern 2FA does not completely eliminate all security vulnerabilities. It does, however, reduce the threat from long recognized problems with passwords (and worse, security questions). Not every SL account is so valuable that it needs 2FA, but not wanting it for oneself is no justification for denying the option to others.

  • Thanks 1

Share this post


Link to post
Share on other sites
12 hours ago, Qie Niangao said:

Not every SL account is so valuable that it needs 2FA, but not wanting it for oneself is no justification for denying the option to others.

Every penny LL might waste adding this 2FA crappolla to protect an entitled minority from their own self destructive habits of clicking phishing links, or failing to remember to use a decent password, is a penny that LL will claw back by increasing charges for EVERYONE ELSE...

Bear in mind here, that you are supporting Bradford's claims here, a man who by his own admission earlier in the thread takes almost no security precautions over a 'classic' car.

I once worked in the IT dept of an Insurance company, they had an official name for people like your 2fa spouting friend...

"People we will not sell insurance to"

This 2FA stuff is an entitlement whine, demanding that EVERYONE finance the introduction of a feature to protect people who are a bad insurance risk because they are lazy and stupid...

https://www.markinpiece.secondwife.con/marketing-sith-promotions/you-must-pay-for-me-to-have-2fa-futureness.html

Click it, you know you want to... I promise there's no Russian Hackers waiting at the other end of that link...

 

Edited by Klytyna
  • Like 1

Share this post


Link to post
Share on other sites
55 minutes ago, Klytyna said:

Bear in mind here, that you are supporting Bradford's claims here, a man who by his own admission earlier in the thread takes almost no security precautions over a 'classic' car.

Ridiculously selective (but continuously entertainingly so) in badly interpreting and misquoting.

I said "I don't bother to lock it but rely on other security measures for that one"

There's no roof, not much point locking the doors to prevent entry now is there?

Remind me again when the "Passwords are awesome" seminar is again? I need to pop it in the calendar :)

Incidentally, that insurance company will in almost all certainty, fall under PSD2 legislation and will be implementing strong customer authentication, guaranteed when it comes to online financial transfers. Irony eh?! :)   This is done to mitigate risk, something that insurance companies are generally rather interested in.  They couldn't care less about the small minded opinions of a few IT folk though.

Edited by Bradford Mint

Share this post


Link to post
Share on other sites

 

1 hour ago, Klytyna said:

Every penny LL might waste adding this 2FA crappolla to protect an entitled minority from their own self destructive habits of clicking phishing links, or failing to remember to use a decent password, is a penny that LL will claw back by increasing charges for EVERYONE ELSE...

Tough. Let 'em pay. I've paid plenty towards keeping this platform afloat. Across years of development, my SL was improved by features few and far between, and markedly diminished by many. You don't want 2FA, fine. I want it. My turn. 

Share this post


Link to post
Share on other sites
4 minutes ago, Qie Niangao said:

 

Tough. Let 'em pay. I've paid plenty towards keeping this platform afloat. Across years of development, my SL was improved by features few and far between, and markedly diminished by many. You don't want 2FA, fine. I want it. My turn. 

Not forgetting that there's a cost in dealing with fraudulent transactions which could have been mitigated by not having had the fraud occur in the first place. Hence as we know, an organisation will be interested in factoring the cost of technology change against not only profit (generally none for security) but mitigation of time and effort and financial loss (saving) in dealing with the issue.

Thus in short, no not every penny spent but the delta between the cost that they presently have vs the reduction in that cost and the overall improvements obtained.

Did I need to write this in bold too or is this ok do you think?

Bottom line is, some SLers run around forever with L$0 in their account while others have thousands in USD flowing through and would welcome extra protection.

Share this post


Link to post
Share on other sites

Of course it is time (or indeed quite late) to enable 2FA. Especially since we deal with Linden which actually can be converted to USD.

I was a bit surprised to see users actually discussing whether it is useful or not.. 

Share this post


Link to post
Share on other sites

Every online service, especially those with financial transactions should have 2fa....period. It doesn't matter how good your passwords are, or how careful you are in clicking. LL should offer, and in my opinion, make mandatory the use of 2fa on all accounts which have a L$ balance. Trusted authentication is just good business practice. Knowing for certain who is logging into and using your systems is a good business practice.  Linden Lab is over due in offering this an I for one would be glad to help pay for it.

Share this post


Link to post
Share on other sites
On 9/8/2018 at 9:26 AM, Callum Meriman said:

 A sizable proportion of SL seems to be non-gamers and a huge chunk of those are on Potatos.

 

You had me with this. I couldn't stop laughing.

 

On 9/9/2018 at 6:40 AM, Klytyna said:

*Insert Klytana rage here and mention of mandroid/iSpend*
 

Your one of those people aren't you thats still clinging on to your 20 year old Nokia 3310 ? "I dont need no dumb phone when I have snake to entertain me.."

Share this post


Link to post
Share on other sites

Reading this thread reminds me of the one time, years ago, someone managed to log into my account while I was logged in. This was during a rash of such goings on. I never clicked on links in chat or IMs. To this day I have never figured out how they got my fairly complicated password. Luckily, I was quick thinking enough to log in to one of my alts, (which all of my accounts were set to rez in at my home of the time) so they didn't have time to do anything more then change the password with me standing right in front of them in my home yelling at them to get off my account while I was on the phone with LL CS. I had my account back in less than 30 minutes.

 

Even so, if LL were to implement 2FA, I would still want the option to not use it. Make it an opt in kind of thing and I'll be fine with it. And yes, I do mean opt in, not opt out.

Just my 2 cents and personal preference.

 

ETA: I'm think Whirlz will remember when it happened. The idiot was spamming the FS support group (and others). Since I was on the support team at that time, they knew it likely wasn't me but had to kick me out of the group. And they were right to do so.

Edited by Selene Gregoire
  • Like 1

Share this post


Link to post
Share on other sites

Why did they dig this one up again? 9_9

[humour] PS: I reccomend physical USB dongles for 2F authentification... That way the Lab can finally get rid of all those Mac users... :P [/humour]

Edited by Fionalein
  • Like 1

Share this post


Link to post
Share on other sites
20 minutes ago, Blaise Glendevon said:

The word Dongle makes me titter like a twelve year old. Please send help.

for a few very specific programs it's still used

  • Like 1

Share this post


Link to post
Share on other sites

At my business --- one program someone was trying to sell me needed a dongle and it was for use on the printer port --- which barely any machines have nowadays. Next!

  • Haha 1

Share this post


Link to post
Share on other sites
On 10/16/2018 at 3:24 AM, Blaise Glendevon said:

The word Dongle makes me titter like a twelve year old. Please send help.

They should have just used the word “dingle”, or “d0ng”.

  • Haha 1

Share this post


Link to post
Share on other sites

lord its 2018 almost 2019 and most every company has 2FA of there there own making or trough other company's like google PLZ LL PLLLZZZZZZ add 2FA i no a lot of ppl would be more willing to put RL money into sl if they knew that there billing info would be safer i mean it really would not take much to implement on to a the viewer and website it could even be like steam guard where u only have to do it once for that ip address/ computer

  • Haha 1

Share this post


Link to post
Share on other sites
1 hour ago, rose2021 said:

lord its 2018 almost 2019 and most every company has 2FA of there there own making or trough other company's like google PLZ LL PLLLZZZZZZ add 2FA i no a lot of ppl would be more willing to put RL money into sl if they knew that there billing info would be safer i mean it really would not take much to implement on to a the viewer and website it could even be like steam guard where u only have to do it once for that ip address/ computer

I have no idea what you are trying to convey here. 

Share this post


Link to post
Share on other sites
2 hours ago, rose2021 said:

lord its 2018 almost 2019 and most every company has 2FA of there there own making or trough other company's like google PLZ LL PLLLZZZZZZ add 2FA i no a lot of ppl would be more willing to put RL money into sl if they knew that there billing info would be safer i mean it really would not take much to implement on to a the viewer and website it could even be like steam guard where u only have to do it once for that ip address/ computer

if you use common sense and a basic antivirus/firewall, your billing info IS safe

 

bonus points if you get sms confirmation of your bank transactions

Share this post


Link to post
Share on other sites
1 hour ago, DarkRavenWolfie said:

if you use common sense and a basic antivirus/firewall, your billing info IS safe

 

bonus points if you get sms confirmation of your bank transactions

And just say that LL suffered a breach and the user database was compromised? How does your common sense and clover leaf help you there?

Let me give you some recent examples:-

British Airways

Experian

Facebook

You'd think they would be up to scratch with their security maybe? The list of data breaches is ready to find and security is best performed by implement a layered approach instead of treating it like a blind faith.

Share this post


Link to post
Share on other sites
4 hours ago, rose2021 said:

a lot of ppl would be more willing to put RL money into sl if they knew that there billing info would be safer

proof of your statements please.....

  • Thanks 1

Share this post


Link to post
Share on other sites
2 hours ago, Ethan Paslong said:

proof of your statements please.....

A valid question and about as valid as asking "proof that more people would use SL if there was more <insert favourite topic of choice>" but actually irrelevant to those who do have thousands of $ passing through SL where the account security is weak and would prefer something that provided stronger protection of their assets.

  • Haha 1

Share this post


Link to post
Share on other sites

There is just one problem with that argument - it is inversible: If 2FA is entirely optional it is no use - if it is enforced: who tells us others would not stop investing - don't underestimate the casual users who just pay small amounts - they still are the bulk of paying users - hassle them enough and they might get more reluctant.

  • Like 2

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×