Jump to content
Sign in to follow this  
Mistress69Nikita

Account Security

Recommended Posts

I was wondering if someone could help me understand the security of Linden. But so as to be clear, I don't care if linden has the information. I care about those with mallicious intent that for trolling or profit, make use of the information in a detrimental way.

I'm new and my issue is that when making payments to a Linden account it keeps a record of your personal information in the process. 

In the event that your account is hacked, perhaps by phishing, there would be a link between your personal life and second life. I would think it to be like opening up someone's skype or msn and seeing all their personal conversations.

The potential money loss is second (there are contingencies in place to reclaim it) to the privicy breach that may occur. 

I've played Eve in the past which I think gave a good spectrum of examples of what can happen when personal information gets out into the wrong hands. What was one example... Sending private photos to someones work while making a huge number of prank pizza calls to the same place. This and I don't see how it would be different here. People don't change and there will always be someone that will try to do this.

Now, would it be safer to make a dummy account and transfer linden from it to my main account? (with a different password)... Would you be able to buy a premium membership doing so?

Accidentally hacking an account then being forced to hack a particular account would be excessively harder then just getting lucky. The low frequency of its use also reduces risk.

I also understand Linden would react to scenarios like this but unfortunately I can only see them reacting after the fact. The IP check might stop it from a new log in location but I'm sure there are ways around that. Once someone discretely gets that information, its hard to defend because you don't know to change your passwords.

Share this post


Link to post
Share on other sites

For what it's worth. Nearly 10 yrs in SL, using a decicated SL email. Still not seen a single instance of spam in my inbox. They must be doing something right.

Share this post


Link to post
Share on other sites

I've been in SL 10+ years and never had a problem.

As far as account security is concerned accounts can't be hacked but can be compromised if you are careless. Therefore you are responsible for keeping your account secure under the Terms of Service.  There are two ways that security breaches to get RL info occur. 

The first is clicking on a link you see in world.  For example: Some people make websites that have addresses that look like the address for the SL Marketplace but take you to a phishing site.  The safest thing to do is always go to these sites yourself rather than clicking a link and never go to a website you don't recognize.  Actually it's best to avoid clicking links altogether, then you never have to worry about this.

The second is giving anyone your password.  Even if you think they are the most trust worthy person in the world this is a huge NO.  Not only is it against the TOS, but time and time again I've see relationships break down and a former friend and partner use the password to get into an account to 'get even'.

As far as stealing just money without getting RL info, never accept an object from someone you don't know then rez it.  Although you will get a dialog asking if it's ok to debit your account, many people don't pay attention and just click yes.  If you don't rez it, It can't hurt you.  So if you accidentally accept something, just delete it from your inventory.  Note however there are times that giving debit permissions is necessary, such as a vendor system that refunds money if the wrong amount is paid, or an object that you own that pays an employee automatically from your account.  So pay close attention to dialog boxes and think carefully before you agree to anything.  Think if it is this really needed to accomplish what this object is supposed to do.  If unsure, ask in the forums here.  You can also test an item by paying it yourself to yourself and looking at your transaction history on your dashboard to see if the money is going where it is supposed to go and not to someone else.

In general never use a password that may be easy to guess, such as a nickname, a common word etc.  The best is a random combination of letters and numbers, caps and lower case that isn't a word at all.  It's also good to change your password frequently.

Welcome to SL.  You have a grand and secure adventure ahead of you if you follow these tips.

Share this post


Link to post
Share on other sites

If you pay attention to the news you know that ANY company including the very biggest as well as governments CAN be hacked. Before I joined there was some kind of fiasco with personal info getting out from SL (likely a Google search would find that out; it must have been 11 years back or so).

 

The big risk of course is clicking on a wrong button or sharing your password.   As far as I can see you are as safe here as anywhere on the web or the real world where a computer is involved. 

 

I also suggest that you NEVER leave your login info on automatic login in your browser or viewer. That is most likely the biggest risk folks take.

 

Share this post


Link to post
Share on other sites

As far as I know no SL account has ever been 'Hacked' ever, you mention ' phishing' and that is down to lets say people being less than vigilant when clicking links etc, so that is totally down to the user to make sure they don't do anything stupid!

Share this post


Link to post
Share on other sites

 

I also suggest that you NEVER leave your login info on automatic login in your browser or viewer. That is most likely the biggest risk folks take.

 

I would say the opposite, if you store them your never ever fall for the fake MP links you get pop up in group chat coz when your click the space for your login name it wont come up and alarm bells will ring for you to check that url is correct,

I have so many logins and passwords I could never ever remember them all, so i would have to write them down in a lil black book or something.

Share this post


Link to post
Share on other sites

Yeah. I've seen the second JIRA link you provided before. Who knows... maybe some day.  Two-step may not be 100% phish or virus proof, but it's a little better than just relying on a password.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...