Jump to content

Two Factor Authenication (2FA)

Kimmi Zehetbauer
 Share
You are about to reply to a thread that has been inactive for 1091 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

Gabriele Graves

Gabriele Graves

Posted
Posted (edited)
4 hours ago, Silent Mistwalker said:

Install yet another app just to be able to log in to SL? WTH?

Oh come on, don't be dramatic about it.  2FA/MFA is already security best practice for logging into websites where there is something of value to protect.  It is combining something you know (username + password) with something you have (a code generated on your device/PC only for example) which increases your security by magnitudes for just a small incovenience.  Pretty much any big name internet service already has it as an option.  You may not have encountered it before but millions of people out there are using it.

4 hours ago, Silent Mistwalker said:

Or can afford one.

Good job you don't need one for it then.

If done right, the code wouldn't be necessarily needed every time you login.  Different companies have different policies on this ranging from once a day to a week to a month or even only when something changes like a login from a new PC, password change or when you buy something with your credit card, etc.

Edited by Gabriele Graves
  • Like 2
  • Sad 1
Link to comment
Share on other sites
  • Replies 197
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Dragon Mommy
Dragon Mommy

2FA is sorely needed and I'm very glad to hear it is in the works. My hope is that one of the options will be software 2FA (such as Google authenticator app or other similar option) or even better lin

Kathrine Jansma
Kathrine Jansma

Some people own no mobile phone at all.

bigmoe Whitfield
bigmoe Whitfield

still am amazed,  in this day and age with all these companies out there, adobe, ect, having these leaks and passwords and account names and password floating about, that one would want to secure thei

Alwin Alcott

Alwin Alcott

Posted
Posted
7 minutes ago, Gabriele Graves said:

Oh come on, don't be dramatic about it. 

If done right, the code wouldn't be necessarily needed every time you login. 

quite some people use mutltiple accounts, for many reasons . Normally every change asks for a new code ... fun.
And.. again people have to give access to more personal details.. .. also fun.

  • Like 1
Link to comment
Share on other sites
Gabriele Graves

Gabriele Graves

Posted
Posted
1 minute ago, Alwin Alcott said:

quite some people use mutltiple accounts, for many reasons . Normally every change asks for a new code ... fun.
And.. again people have to give access to more personal details.. .. also fun.

I use several services with different policies and none of them require this every time.  Google has an option for 30 days on the same device/PC for example.  People with that many multiple accounts wouldn't turn it on would they?  Maybe they only turn it on for their main who brings in L$ and uses the credit card and distributes L$ to their alts?  There are options.

I don't know you mean about access to more personal details.  2FA does not require any additional personal details from anyone.  I would be very against it if that were the case as I am a big privacy advocate.

The vibe from those objecting on this topic is starting to sound like "I don't think LL should allow Paypal because I don't want to use it, even though it is optional!!!" That would be just as ridiculous a position to take.

2FA would be optional unless LL are really clueless about doing it.
 

  • Haha 1
Link to comment
Share on other sites
Alwin Alcott

Alwin Alcott

Posted
Posted (edited)
1 hour ago, Gabriele Graves said:

I don't know you mean about access to more personal details.  2FA does not require any additional personal details from anyone.  I would be very against it if that were the case as I am a big privacy advocate.

they get your phone number or device details, together with google, facebook or other "needed" social media things the tracking get more easy, if they don't now, they will tomorrow... another earning model for LL... sell more data

Edited by Alwin Alcott
  • Haha 1
Link to comment
Share on other sites
Gabriele Graves

Gabriele Graves

Posted
Posted (edited)
2 minutes ago, Alwin Alcott said:

they get your phone number or device details, together with google, facebook or other "needed" social media things the tracking get more easy, if they don't now, they will tomorrow... another earning model for LL... sell more data

Nope, none of that is necessary with 2FA if done with an authenticator.  No sharing phone numbers and no details about your device/PC are sent anywhere.

Edited by Gabriele Graves
  • Like 1
Link to comment
Share on other sites
Jaylinbridges

Jaylinbridges

Posted
Posted (edited)
1 hour ago, Gabriele Graves said:

2FA would be optional unless LL are really clueless about doing it.

Famous last words.  2FA would have to be optional or several accounts I use would need to quit SL.  This is not a simple issue when you consider the exceptions based on disability, travel (computers/offices in different states), and simply helping a partner out of an impossible technical situation.   I am already thinking of the workarounds needed if they make it mandatory.

Most of my financial RL accounts have 2FA and are NOT optional, btw.  If the batteries on my smartphone have run down, I need to wait long enough for the batteries to charge up to access the wireless network.  Pain in the azz, when I live home alone with an already strong password, and need to login quickly.  Impossible if I have my accounts installed on several computers at different locations.

 

 

Edited by Jaylinbridges
  • Like 2
Link to comment
Share on other sites
Kimmi Zehetbauer

Kimmi Zehetbauer

Posted
  • Author
Posted
3 minutes ago, Jaylinbridges said:

Famous last words.  2FA would have to be optional or several accounts I use would need to quit SL.  This is not a simple issue when you consider the exceptions based on disability, travel (computers/offices in different states), and simply helping a partner out of an impossible technical situation.   I am already thinking of the workarounds needed if they make it mandatory.

Most of my financial RL accounts have 2FA and are NOT optional, btw.  If the batteries on my smartphone have run down, I need to wait long enough for the batteries to charge up to access the wireless network.  Pain in the azz, when I live home alone with an already strong password, and need to login quickly.  Impossible if I have my accounts installed on several computers at different locations.

If it became mandatory, I'd be done with SL completely.

As for RL financial stuff --- I recently encountered an ATM at my own bank that started 2FA to get your cash on top of entering on the machine itself. I ended up calling the bank and told them and I don't use a smart phone. They said "Sorry, that is our new policy to protect our customers and if you don't have a phone, we have a partner carrier that can set you up." I ended up leaving that bank after a long time.

  • Like 1
  • Sad 1
Link to comment
Share on other sites
Gabriele Graves

Gabriele Graves

Posted
Posted (edited)
10 minutes ago, Jaylinbridges said:

Famous last words.  2FA would have to be optional or several accounts I use would need to quit SL.  This is not a simple issue when you consider the exceptions based on disability, travel (computers/offices in different states), and simply helping a partner out of an impossible technical situation.   I am already thinking of the workarounds needed if they make it mandatory.

Most of my financial RL accounts have 2FA and are NOT optional, btw.  If the batteries on my smartphone have run down, I need to wait long enough for the batteries to charge up to access the wireless network.  Pain in the azz, when I live home alone with an already strong password, and need to login quickly.  Impossible if I have my accounts installed on several computers at different locations.

Not one of the services I use have mandatory 2FA nor do they require a cell phone - so counterpoint.  I guess you have to choose your services wisely.  LL could pull any number of very unwise stunts and cause thousands of people to leave but would they really kill the golden goose this way?  I am sceptical but if they did I could understand people not being happy about it but really if you think they would then surely it is only a matter of time before they ruin SL for you anyway?

Edited by Gabriele Graves
Link to comment
Share on other sites
bigmoe Whitfield

bigmoe Whitfield

Posted
Posted
9 minutes ago, Kimmi Zehetbauer said:

If it became mandatory, I'd be done with SL completely.

As for RL financial stuff --- I recently encountered an ATM at my own bank that started 2FA to get your cash on top of entering on the machine itself. I ended up calling the bank and told them and I don't use a smart phone. They said "Sorry, that is our new policy to protect our customers and if you don't have a phone, we have a partner carrier that can set you up." I ended up leaving that bank after a long time.

well account security is on you and you alone than.  Have a good day :)

Link to comment
Share on other sites
Alwin Alcott

Alwin Alcott

Posted
Posted
6 minutes ago, Gabriele Graves said:

Not one of the services I use have mandatory 2FA nor do they require a cell phone - so counterpoint.  I guess you have to choose your services wisely. 

don't overstep your points... it's getting a little overdone now.
I have several official services i NEED to participate in, and they only allow codes by phone or phone app. There is no way around it.

And aboutleaving SL  for changes?... that happened all the years with big impact changes by LL. This could be just another one, could ask if that's wise in a already declining userbase, because what they seem to want .. a shiny perect virtual world... isn't going to happen anymore. And together with the fee rise... bad ideas.

  • Like 1
Link to comment
Share on other sites
Kimmi Zehetbauer

Kimmi Zehetbauer

Posted
  • Author
Posted
1 minute ago, Love Zhaoying said:

Any good 2FA options without phone? Email + click a link in it?

Many mboards do that and it's been an option for most forum software since when the dinosaurs roamed the planet. But many services don't do that option any more or if they do, still require the phone, like my old bank I fired.

  • Like 1
Link to comment
Share on other sites
Love Zhaoying

Love Zhaoying

Posted
Posted
31 minutes ago, Gabriele Graves said:

Not one of the services I use have mandatory 2FA nor do they require a cell phone - so counterpoint. 

Think I am doing business with 3 or 4 companies actively right now that ask for 2FA on occasion (mostly professional services, doctors etc.). Microsoft used to (programmer stuff) but it got wayyy too annoying since it asked me every. darn. time. for the SMS code, etc.

Link to comment
Share on other sites
Gabriele Graves

Gabriele Graves

Posted
Posted
1 hour ago, Alwin Alcott said:

don't overstep your points... it's getting a little overdone now.

Thank you for your opinion, duly noted and ignored.  🙄

1 hour ago, Alwin Alcott said:

I have several official services i NEED to participate in, and they only allow codes by phone or phone app. There is no way around it.

It's unfortunate that those services aren't better at security or privacy because that is what it boils down to and that does suck.

1 hour ago, Alwin Alcott said:

And aboutleaving SL  for changes?... that happened all the years with big impact changes by LL. This could be just another one, could ask if that's wise in a already declining userbase, because what they seem to want .. a shiny perect virtual world... isn't going to happen anymore. And together with the fee rise... bad ideas.

Like I said, if LL are intent an making a huge misstep and alienating the userbase then there is nothing you or I can do about and discussing the merits of 2FA when done properly here, isn't going to make any difference nor is it a 2FA problem.

Link to comment
Share on other sites
Gabriele Graves

Gabriele Graves

Posted
Posted
49 minutes ago, Love Zhaoying said:

Think I am doing business with 3 or 4 companies actively right now that ask for 2FA on occasion (mostly professional services, doctors etc.). Microsoft used to (programmer stuff) but it got wayyy too annoying since it asked me every. darn. time. for the SMS code, etc.

Isn't anecdotal data fantastic?  It literally proves nothing.  😁

  • Like 1
Link to comment
Share on other sites
bigmoe Whitfield

bigmoe Whitfield

Posted
Posted

still am amazed,  in this day and age with all these companies out there, adobe, ect, having these leaks and passwords and account names and password floating about, that one would want to secure their accounts so they would not lose them or lose the ability to access them.   what disconnect am I missing here?

  • Like 6
Link to comment
Share on other sites
You are about to reply to a thread that has been inactive for 1091 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...