Creallie Posted August 6, 2016 Share Posted August 6, 2016 Do they have this? It's 2016 and this is a game with real monitary stuff going down so 2 step authentication is kind of mandatory isn't it? Link to comment Share on other sites More sharing options...
Pamela Galli Posted August 6, 2016 Share Posted August 6, 2016 No. Who besides LL do you think would have the authority to make it mandatory? Link to comment Share on other sites More sharing options...
Creallie Posted August 6, 2016 Author Share Posted August 6, 2016 Mandatory, not as in the user should be forced to use it, but the company should be forced to provide it. I was about to spend cash here until I figured it it didn't exist now I'm totally out. Link to comment Share on other sites More sharing options...
Rhonda Huntress Posted August 6, 2016 Share Posted August 6, 2016 OK. Take care. [ETA] BTW, your profile says you have already spent money here. https://my.secondlife.com/Creallie Link to comment Share on other sites More sharing options...
Creallie Posted August 6, 2016 Author Share Posted August 6, 2016 I did- back before 2 atep. Link to comment Share on other sites More sharing options...
Pamela Galli Posted August 6, 2016 Share Posted August 6, 2016 Creallie wrote: Mandatory, not as in the user should be forced to use it, but the company should be forced to provide it. I was about to spend cash here until I figured it it didn't exist now I'm totally out. Yes I understan you think LL should be forced to provide it, but what entity or agency do you think has the authority to force a business to use two factor authentication? Link to comment Share on other sites More sharing options...
Chaser Zaks Posted August 6, 2016 Share Posted August 6, 2016 LL already has 2-step authentication on their to-do list, but they want to make sure they choose a good 2-step authentication protocol/method/service, it works flawlessly so it doesn't suddenly break(I.E: protentially locking people out of their accounts). See https://community.secondlife.com/t5/General-Discussion-Forum/It-is-time-for-Linden-Labs-to-put-in-two-factor-authentication/m-p/3027232 https://jira.secondlife.com/browse/BUG-11879 https://jira.secondlife.com/browse/BUG-18201 https://jira.secondlife.com/browse/BUG-5753 As for forcing companies to require 2-step authentication, I am highly against it. No one should have the authority to tell a company how to control their website. Link to comment Share on other sites More sharing options...
Pamela Galli Posted August 6, 2016 Share Posted August 6, 2016 I think some people are not overly aware of how things work out there in the real world - I.e. that often there is no power to make people do as you think they ought. Link to comment Share on other sites More sharing options...
Sassy Romano Posted August 6, 2016 Share Posted August 6, 2016 Chaser Zaks wrote: As for forcing companies to require 2-step authentication, I am highly against it. No one should have the authority to tell a company how to control their website. Well that already happens all the time and it's a good thing that companies are called into compliance. https://www.pcicomplianceguide.org/pci-faqs-2/ Not specifically around this one issue but in terms of tell a company how it must handle cards for example. The OP is spot on, not necessarily 2-step, could be 2-factor or as appropriate but for those of us who expect better, much stronger authentication than username/passphrase is a must for a sensible starting point for authentication and subsequent signing of transactions on a site where people are transacting sums of money that constitute their RL income. Link to comment Share on other sites More sharing options...
Gylia Moonites Posted September 5, 2018 Share Posted September 5, 2018 (edited) I think a lot are not aware of how the 2FA works today. Unlike a 2nd set of password some MMO games provided back in the stone ages. Now 2FA users don't even know the password themselves until they checked on the app on their phone. These passwords changed every minute making it "near" impossible to hack by average hackers or someone that happened to guessed your account password. And as the 2FA setup goes... only the simplest minded people in existence will go through all the troubles just to find the infos used to provide the 2FA generator for a phishing scam. So yes, 2FA is certainly far far better than SL current password system. A FEW TIMES better in fact. The down fall being that google wasn't able to provide a "saving" method of the 2FA account due to security reason, making it not only hard to breach but a pain for anyone who lost their 2FA device. This means you are locked out from your own account if you lost your phone. But on the other hand, other Authenticator provides a "cloud saving" method so no matter where or on which phone you use, you still gain access to your 2FA informations. Less secured but it works. Edited September 5, 2018 by Gylia Moonites Link to comment Share on other sites More sharing options...
Rhonda Huntress Posted September 5, 2018 Share Posted September 5, 2018 That method is older than this thread ... "what you have and what you know" is basically outdated now. 3 Link to comment Share on other sites More sharing options...
Richardus Raymaker Posted September 6, 2018 Share Posted September 6, 2018 2FA is a big anoyi g implementation and make thi gs not really saver. If you think E-mail is save that you use for 2FA. nope. The big problem is the user that use weak passwords. Click on wrong links. Use build in webbrowsers. Webbrowsers that hide default parts of the url. 2FA is just hell, to frudtrate the user. Glad i do not have a smartphone. And this fkrum still frustrating to because the implemented the enter key wro g. 1 Link to comment Share on other sites More sharing options...
Love Zhaoying Posted September 6, 2018 Share Posted September 6, 2018 29 minutes ago, Richardus Raymaker said: 2FA is a big anoyi g implementation and make thi gs not really saver. If you think E-mail is save that you use for 2FA. nope. The big problem is the user that use weak passwords. Click on wrong links. Use build in webbrowsers. Webbrowsers that hide default parts of the url. 2FA is just hell, to frudtrate the user. Glad i do not have a smartphone. And this fkrum still frustrating to because the implemented the enter key wro g. Noe iz toe tally save! Unlass sum1 steel yer fone 2 Link to comment Share on other sites More sharing options...
Solar Legion Posted September 6, 2018 Share Posted September 6, 2018 36 minutes ago, Richardus Raymaker said: And this fkrum still frustrating to because the implemented the enter key wro g. You've had this explained to you already and yet you persist .... You believe it is "wrong" - that does not make it so. Deal with it. 1 Link to comment Share on other sites More sharing options...
Blush Bravin Posted September 6, 2018 Share Posted September 6, 2018 Personally, I'm not a fan of two-step authentication. I think it's annoying. I'd rather use strong passwords and change those passwords often. I've seen lots of people get their accounts ripped but it happened because they clicked on phishing links. I may be sitting here with my head in the sand, but I just don't like the hassle of using two-step authentication. 2 Link to comment Share on other sites More sharing options...
Gabriele Graves Posted September 6, 2018 Share Posted September 6, 2018 (edited) Security is a continuum with secure, hard, annoying at one end and insecure, easy, convenient at the other. In my opinion, everyone should be allowed to choose where they want to be on the continuum as long as they are prepared to deal with the consequences. Edited September 6, 2018 by Gabriele Graves added missing 'they' 3 Link to comment Share on other sites More sharing options...
LittleMe Jewell Posted September 6, 2018 Share Posted September 6, 2018 4 hours ago, Richardus Raymaker said: 2FA is just hell, to frudtrate the user. Especially when you have difficulty typing via whatever method you choose to use. 1 2 Link to comment Share on other sites More sharing options...
Chaser Zaks Posted September 6, 2018 Share Posted September 6, 2018 (edited) As someone who actively advocates and encourages two factor authentication, I would like to point out the following: Two factor authentication is optional. No one is required to use it, but it provide extra layer of security for those who do want to use it. Two factor authentication, when programmed right, isn't always needed to be entered. Take Guild Wars 2 for example, I have 2FA set up on it, but it rarely asks for authentication because it has fingerprinted my device on what is normal. (Hense, three modes: No 2FA, Light 2FA(Fingerprinting), Strict 2FA(Always ask)). Two factor authentication is actually a lot easier than people make it out to be, you install a app(such as Google Authenticator), scan a QR code, and voila 2FA is set up! Number based 2FA isn't the only option. There is a physical 2FA that you plug into your computer and it does the authentication for you. You can also use SMS should you choose. Edited September 6, 2018 by Chaser Zaks 1 Link to comment Share on other sites More sharing options...
Love Zhaoying Posted September 6, 2018 Share Posted September 6, 2018 I bet Russian hackers hate 2FA. Btw, 2FA is not to be confused with JFA. https://en.m.wikipedia.org/wiki/JFA_(band) Link to comment Share on other sites More sharing options...
Alyona Su Posted September 6, 2018 Share Posted September 6, 2018 If you use anything with the names Google or Android in it then this entire thread is moot. PROTIP: Use a strong password, change it often. Always better than 2FA or any other system and only improves said systems. 1 Link to comment Share on other sites More sharing options...
Blaise Glendevon Posted September 6, 2018 Share Posted September 6, 2018 Actually, the discussion on frequent password changes making you safer is still out. https://www.wired.com/2016/03/want-safer-passwords-dont-change-often/ 2 Step Authentication would irritate the living daylights out of me even more, though. Who has time? 1 Link to comment Share on other sites More sharing options...
Alyona Su Posted September 6, 2018 Share Posted September 6, 2018 50 minutes ago, Blaise Glendevon said: 2 Step Authentication would irritate the living daylights out of me even more, though. Who has time? I concur. The office I work for uses LastPass exclusively, at home I use Bit Warden, which I like better. Then there are others like 1Password and such. These are really the best answer when used with a truly secure password like "ygW9lT$#0oGF^9*!yz". But even if you don't want to use one of those, a longer password works great, like "ducks.are.yellow.or.green.but.usually.white" is better than "passworD123" Link to comment Share on other sites More sharing options...
Bradford Mint Posted September 6, 2018 Share Posted September 6, 2018 Mobile push authentication really isn't a faff at all. There are different authentication methods and risk engine parameters that reduce multifactor authentication to a level that is not intrusive. But yes, if you choose not to use it and suffer a breach, that's your issue to deal with. Link to comment Share on other sites More sharing options...
Recommended Posts
Please take a moment to consider if this thread is worth bumping.
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now