Jump to content

Recommended Posts

21 minutes ago, sirhc DeSantis said:

Nuke Log in with saved password ( across viewers ) - I mean. What moron does that.

..raises both hands and flails them about!

Mind you I live alone, my Mac is password protected, sleeps after one minute of inactivity, requires the password when waking, and my sugar momma account (the only one with PIOF) isn't in the list of saved passwords.

Share this post


Link to post
Share on other sites
5 hours ago, sirhc DeSantis said:

I gave up on this after being told it is my civic duty to have a tracker phone ( hi Qie if you can read this on what planet you live on)

Same planet. It's a question of millenium.

I can't get my head around the idea that the null set doesn't describe the intersection of SL users and those not carrying a smartphone. Who are these people? and whoever they are, how could they, of all people, not appreciate the drive for improved account security?

Share this post


Link to post
Share on other sites
Posted (edited)
6 hours ago, Qie Niangao said:

I can't get my head around the idea that the null set doesn't describe the intersection of SL users and those not carrying a smartphone. 

Calling folks Luddites who do not live in the weird paradigma of the only country that counts as well as industrialized and third world sounds .... arrogant. Smartphones are mostly useless toys that just waste way too much energy in both production and use... those little "Throw away after a year" gizmos have children's blood on them - why should I support that crap without a need just to support my own vanity? In case you wonder who on the Forums does not own one - I for example don't.

Edited by Fionalein
  • Like 2

Share this post


Link to post
Share on other sites

Those positions would all be defensible from an off-the-grid yurt. But from Second Life users? Of all the uses of energy and exploitations of unsavory materials and labor practices in the manufacture of technology (routers, servers, power distribution, etc., etc.), gaming and entertainment must be the hardest to justify. And yet here we are.

Share this post


Link to post
Share on other sites

I'd only make 2FA an option. I've only recently heard about something coming along that's been in the works. It's called FIDO2/WebAuthn. Looks like something worth keeping an eye on. It's not just something you use for SL but any sites and even your own OS desktop. There's also an NFC small range swipe verification method.

"FIDO2 is an extension of FIDO U2F, and offers the same level of high-security based on public key cryptography. FIDO2 offers expanded authentication options including strong single factor (passwordless), strong two factor, and multi-factor authentication. With these new capabilities, the YubiKey can entirely replace weak static username/password credentials with strong hardware-backed public/private-key credentials. These credentials cannot be reused, replayed, or shared across services, and are not subject to phishing and MiTM attacks or server breaches."

https://www.yubico.com/solutions/fido2/

Don't want to buy a Yubico? You can make your own with an open source option.

https://github.com/solokeys/solo

Share this post


Link to post
Share on other sites

Ask yourself this, what happens if your phone suddenly gets broken/lost/stolen?

I used 2FA before, but ever since a few years ago when my phone died and I had massive headaches to get back all my stuff that was protected with it, never again.

  • Like 3

Share this post


Link to post
Share on other sites
On 3/27/2019 at 4:34 AM, ThorinII said:

By the way, I just checked the password I'm using for my SL account on that site:

So why would I need a second authentification?

I would advise against typing your password into any field asking to see how secure it is. It seems akin to mailing a hundred dollar bill to Frank's Banks which promises to tell you whether or not it's counterfeit and promises it won't use your cash on the internet.

  • Like 2

Share this post


Link to post
Share on other sites

Theres no reason to not have it as optional. Many other games and sites online have optional 2fa. Its a very successful way to keep peoples accounts secure from the most common of attacks. People logging in from anything other than where you normally log in. Even if you fall for a keylogger style attack on your own PC and they get your password, they cant login from where they are without also having access to your phone.

I dont really know how many people are actually trying to steal SL accounts anyway, but again, no reason to not have it as optional.

  • Like 2

Share this post


Link to post
Share on other sites

Barring two factor authentication, a great deal of added security could be had if your account log in was separate from your user name and couldn't be looked up by anyone other than LL. It would prevent account spoofing and a lot of phishing attacks since there'd be no way to spoof the actual account log-in name. Keep the unchangable user name and the changable display name, just don't use those to log in with and make it so there was no reverse lookup possible other than by LL. That way, even if somebody found out your inworld user name and password, it still wouldn't do them any good.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...