Why Does SL Not Have 2 Factor Authentication For Accounts?

[Silent Mistwalker]

3 hours ago, Chris Nova said:

Oh, give me a break. Those against or questioning it need to sit this one out to really reconsider their idiotic position. 2FA should be mandatory. I’m not going into the whys of it because those same people are just going to argue and be annoying without actually thinking.

Mandatory for logging into the grid? That is overkill. Completely unnecessary and an unnecessary expense. Buying Ls or paying tier via Tilia? That is where 2FA is needed. 

Now you can be the one to shut up and sit down.

[Rowan Amore]

5 minutes ago, Silent Mistwalker said:

Mandatory for logging into the grid? That is overkill. Completely unnecessary and an unnecessary expense. Buying Ls or paying tier via Tilia? That is where 2FA is needed. 

Now you can be the one to shut up and sit down.

The only problem is, if your account is compromised and someone has logged in, they can easily purchase Ls through the viewer without any extra verification.  They could then pass those Ls to another account.  Perhaps the solution would be to disallow purchasing Ls through the viewer?  

ETA  I do agree that it's unnecessary for simply logging in.  Purchasing Ls should not be connected to that in any way.   As you suggest, it should be a separate thing with Tilia and not viewer related.

Edited July 25, 2021 by Rowan Amore

[Coffee Pancake]

At this point I'm half expecting we (SL) probably wont directly get 2FA, that would only protected our worthless Linden tokens. Tilia on the other hand almost certainly will which makes the whole implementation more complicated.

That's not to say SL shouldn't have 2FA (it should) but in order for it to be effective it would have to challenged regularly and not optional in anyway.

Creating the base mechanism for 2FA using an external authenticator app (like google's) or code to email, is relatively straightforward. The complicated part comes from the support side as any such system will lock people out of their accounts by design.

[Sid Nagy]

A good thing to start with would be if LL required a new password every x months.
Or would sent an e-mail notification if SL is accessed from a new IP address with your account.

Edited July 25, 2021 by Sid Nagy

[Silent Mistwalker]

2 minutes ago, Rowan Amore said:

The only problem is, if your account is compromised and someone has logged in, they can easily purchase Ls through the viewer without any extra verification.  They could then pass those Ls to another account.  Perhaps the solution would be to disallow purchasing Ls through the viewer?  

It still goes through Tilia. 

There is a reason I no longer leave my current card information on any account online any more. I was lucky and someone who knew me and knew I had just logged out for the night saw my account spamming one of the largest groups I was in at the time and called me. I was on the phone with LL shortly after and had my account back within a few minutes with no loss of money.

Disallowing Ls purchases from the viewer is not a solution. Forcing people to have to buy from the exchange is not a solution. Adding 2fa to all Tilia transactions (since it all goes through Tilia now) is the solution. But for logging into the grid? That is going too far with it.

 

[Silent Mistwalker]

17 minutes ago, Rowan Amore said:

The only problem is, if your account is compromised and someone has logged in, they can easily purchase Ls through the viewer without any extra verification.  They could then pass those Ls to another account.  Perhaps the solution would be to disallow purchasing Ls through the viewer?  

ETA  I do agree that it's unnecessary for simply logging in.  Purchasing Ls should not be connected to that in any way.   As you suggest, it should be a separate thing with Tilia and not viewer related.

 

I see what you did there. LOL

 

[Love Zhaoying]

19 hours ago, Cristiano Midnight said:

After 18 years, why does SL still not have the basic account security feature of 2 factor authentication?

Because, reasons.

[Rowan Amore]

9 minutes ago, Silent Mistwalker said:

 

I see what you did there. LOL

 

What I mean is, just the simple fact you have logged into SL with only your password allows you to purchase Ls.  If it required the 2FA from the website AND the viewer to purchase Ls, I would be fine with that.  Just the simple fact that the website requires you to use your password even if you are already logged into the website yet the viewer does NOT, doesn't seem wise to me.   They are both through Tilia and both from the exchange.  Viewer purchases are just always Market buy and not Limit buy.

[Innula Zenovka]

4 minutes ago, Rowan Amore said:

If you purchase Ls through the viewer, you're not required to use your password.  I guess they assume you are you since you've logged in.  If you purchase them from the website, even if you ARE logged in on the website, they again ask you your password.  

What happens then?  I've never needed to buy L$ since Tilia, certainly, but I imagine it's then like any other online transaction where you have an existing account.

I don't see why TFA should be an issue before  we get here, at least.

 

 

 

[Silent Mistwalker]

7 minutes ago, Rowan Amore said:

Viewer purchases are just always Market buy and not Limit buy.

I know that.

What I am saying is this. If you buy Ls through the viewer (not the exchange) when you place your order, you should be asked to verify. If you are just logging into the grid and not buying Ls that day then the 2fa is unnecessary. Authentication is only necessary when making L purchases, cashing out, paying tier with USD, etc.  I should not need to jump through any additional authentication hoops just to log into the grid and check my messages, chat, build, take pics, etc.

On the rare occasion I can afford to buy Ls, it is through what you are calling Market buy. That is the only point at which I should be asked to verify since I do not cash out, buy/sell on the market, or any of the other things that involve RL money.

I think we're saying the same thing just with different approaches.

[Kimmi Zehetbauer]

Just now, Silent Mistwalker said:

I know that.

What I am saying is this. If you buy Ls through the viewer (not the exchange) when you place your order, you should be asked to verify. If you are just logging into the grid and not buying Ls that day then the 2fa is unnecessary. Authentication is only necessary when making L purchases, cashing out, paying tier with USD, etc.  I should not need to jump through any additional authentication hoops just to log into the grid and check my messages, chat, build, take pics, etc.

On the rare occasion I can afford to buy Ls, it is through what you are calling Market buy. That is the only point at which I should be asked to verify since I do not cash out, buy/sell on the market, or any of the other things that involve RL money.

I think we're saying the same thing just with different approaches.

The client probably could show a box when buying in world, like for your password.

[Qie Niangao]

Although it may be that 2FA would benefit folks who buy L$s, they don't seem the ones who most need the protection. I don't have anything to do with Estate finances, but they must carry vast L$+US$ balances on some SL accounts, collected from renters in L$s, converted, and destined for payment to LL when monthly fees are due. (Isn't that how it works?) Those seem the most likely targets for the most sophisticated scamming, and if somebody can crack even their SL login, there must be a lot of money at stake in L$ rent payments pending conversion. Right?

It's fine to fret about whether this or that particular 2FA method is less than perfectly effective against this or that phishing scam targeted at naive users, but there are much bigger risks at stake. Whether those with much less at risk choose to opt-in to 2FA seems kinda beside the point.

(There are other, relatively easy measures far short of 2FA that should have been required of every viewer to make it a little harder to phish the small-fry. I'm puzzled why those steps weren't taken years ago, but that doesn't diminish the need for 2FA at least for the major accounts.)

[Rowan Amore]

9 minutes ago, Innula Zenovka said:

What happens then?  I've never needed to buy L$ since Tilia, certainly, but I imagine it's then like any other online transaction where you have an existing account.

I don't see why TFA should be an issue before  we get here, at least.

 

 

 

I'm not saying you need 2FA to log in but you should need it to purchase Ls THROUGH the viewer.  Someone gets access to your account, logs in and is able to purchase Ls without anything other than your SL log in password.  That needs to change IMO.  No one is asking for 2FA just to log into SL.

[Madelaine McMasters]

1 hour ago, Rolig Loon said:

Being outside, especially in convertibles, puts people at risk.

No kidding!

Particularly if they're in my convertible.

Zoom, zoom!

[Sid Nagy]

A PIN-code for all transactions, before every purchase in world and market place, buying or selling order, all money transfers.
A small pop-up screen, 4 digits. done.

I would choose four zero's.
But of course I will not tell you in which order they go.

[Alwin Alcott]

5 minutes ago, Sid Nagy said:

A PIN-code for all transactions, before every purchase in world and market place, buying or selling order, all money transfers.
A small pop-up screen, 4 digits. done.

I would choose four zero's.
But of course I will not tell you in which order they go.

yes but it shows the most important thing.. whatever they do... the weakness isn't in the system but the user.

[Love Zhaoying]

1 hour ago, Silent Mistwalker said:

1 hour ago, Rowan Amore said:

As you suggest, it should be a separate thing with Tilia and not viewer related.

 

I see what you did there. LOL

Hmm..since Tilia is a different company than Second Life, aren't discussions about Tilia technically..off topic?

 

[Love Zhaoying]

37 minutes ago, Silent Mistwalker said:

Authentication is only necessary when making L purchases, cashing out, paying tier with USD, etc.

I see the "etc." but here's a scenario: someone logs into your account, not to purchase L$, but to give all your L$ to a series of "straw" (including random) avatars..some of which will give the L$ to the real thief's account.. require authentication for L$ transfers, or not?

[Sid Nagy]

6 minutes ago, Love Zhaoying said:

Hmm..since Tilia is a different company than Second Life, aren't discussions about Tilia technically..off topic?

 

 

Tillia is mentioned next to Linden Lab at the bottom of each page here, so I guess it is on topic.
And besides, if we can discuss Bezos's space flight and vaccination in this section, why not Tillia?

[Moondira]

2 hours ago, Rolig Loon said:

Every year, 40,000 tons of meteoritic debris hit the Earth. Some meteorites are very large and can cause significant damage.  The Tunguska meteorite that struck Siberia in 1908, for example, flattened 2000 sq miles of forest.  They can also cause personal injury.  On 30 November 1954 in Sylacauga, Alabama, a 4-kilogram (8.8 lb) stone meteorite crashed through a roof and hit Ann Hodges in her living room after it bounced off her radio. She was badly bruised. A dog was killed by the fall of the Nakhla meteorite in Egypt, in 1911. Shortly after a 2007 impact event in Peru, there were rumors of a goat and a llama being killed by the impact. 

In addition, more than 27,000 pieces of orbital debris, or “space junk,” are tracked by the Department of Defense's global Space Surveillance Network (SSN) sensors.  According to NASA, an average of one piece of debris large enough to be catalogued has fallen back to Earth each day for the past 50 years.

Clearly, we are at risk from objects falling from the sky. Being outside, especially in convertibles, puts people at risk. Obviously, though, people can be injured by objects falling from space even if they are inside, as Ann Hodges was.  We need a robust governmental program to provide sturdy metal roofs for all buildings and to place protective canopies over all roads and public gathering areas. This will cost money, of course, but human lives (and dogs, goats, and llamas) are at stake.

Noooo....I like to see the sky!  😉

[Love Zhaoying]

5 minutes ago, Sid Nagy said:

Tillia is mentioned next to Linden Lab at the bottom of each page here, so I guess it is on topic.
And besides, if we can discuss Bezos's space flight and vaccination in this section, why not Tillia?

I apologize if my slight sarcasm and irony were insufficient! 

[Rolig Loon]

1 hour ago, Moondira said:

Noooo....I like to see the sky!  😉

YAY!  🌟

I was afraid maybe I had been too subtle. My point was that Chicken Little is right; the sky is falling.  There's no way to get around the fact that life is risky.  From the day that you are born, you face the certain risk that some day you are going to die.  It's risky to just sit all day and do nothing at all. The task, then, is not to deny risk but to figure out which risk is worth worrying about. As I understand it, that's what Innula has been getting at, too.

As several recent threads in this forum have demonstrated, it is very easy to identify a risk and then cherry-pick verified or anecdotal observations to make you worry (like, yes indeed, Ann Hodges really did get injured by a meteorite and a moderate-sized impact in Siberia really did flatten a whole lot of trees). It's something quite different to figure out whether the risk is greater than all the others around you.  It doesn't make sense to leap to the conclusion that we have a serious problem until you've gathered enough data.  It's even less reasonable to leap beyond that and design solutions that might create even more risks or divert valuable resources that could be applied to higher-priority problems.  There's a lot of serious work to do before you get engineers designing widgets to fix the world.

Edited July 25, 2021 by Rolig Loon

[Silent Mistwalker]

1 hour ago, Love Zhaoying said:

I see the "etc." but here's a scenario: someone logs into your account, not to purchase L$, but to give all your L$ to a series of "straw" (including random) avatars..some of which will give the L$ to the real thief's account.. require authentication for L$ transfers, or not?

Did you hurt your back reaching that far? I'm teasing.

The transaction to pay for those Ls had already occurred and was a legal transaction. Someone stealing Ls from an account that does not involve the exchange of USD does not involve Tilia. And LL doesn't get involved in resident disputes. So.... now what? 

That would be taking the authentication hoops a bit too far, I think. LL can't protect us from everything. We have to do that for ourselves.

[Qie Niangao]

1 hour ago, Rolig Loon said:

YAY!  🌟

I was afraid maybe I had been too subtle. My point was that Chicken Little is right; the sky is falling.  There's no way to get around the fact that life is risky.  From the day that you are born, you face the certain risk that some day you are going to die.  It's risky to just sit all day and do nothing at all. The task, then, is not to deny risk but to figure out which risk is worth worrying about. As I understand it, that's what Innula has been getting at, too.

As several recent threads in this forum have demonstrated, it is very easy to identify a risk and then cherry-pick verified or anecdotal observations to make you worry (like, yes indeed, Ann Hodges really did get injured by a meteorite and a moderate-sized impact in Siberia really did flatten a whole lot of trees). It's something quite different to figure out whether the risk is greater than all the others around you.  It doesn't make sense to leap to the conclusion that we have a serious problem until you've gathered enough data.  It's even less reasonable to leap beyond that and design solutions that might create even more risks or divert valuable resources that could be applied to higher-priority problems.  There's a lot of serious work to do before you get engineers designing widgets to fix the world.

Perhaps this is more challenging than I know, but it's not as if the Lab would be inventing meteorite-catching devices here; many many businesses already have some 2FA in service.

That is, however, a question for those more current in the technological underpinnings of the financial service industry: Aren't commercial 2FA solutions already available for easy integration? I suppose when resources are really tight, no integration can ever be "easy" enough, but still this can't be anywhere nearly as challenging as replacing the OpenGL graphics API (which I grant is an existential need whereas 2FA is… something less urgent).

[Rolig Loon]

5 minutes ago, Qie Niangao said:

Perhaps this is more challenging than I know, but it's not as if the Lab would be inventing meteorite-catching devices here; many many businesses already have some 2FA in service.

That is, however, a question for those more current in the technological underpinnings of the financial service industry: Aren't commercial 2FA solutions already available for easy integration? I suppose when resources are really tight, no integration can ever be "easy" enough, but still this can't be anywhere nearly as challenging as replacing the OpenGL graphics API (which I grant is an existential need whereas 2FA is… something less urgent).

Quite true, but it still begs the question of whether it is needed.  Engineers make that mistake all the time.  They buy a keypad for some AI refrigerator or whatever that happens to have five buttons on its user interface.  They really only needed four buttons but , what the heck, the fifth one was already on the keypad so ..... "What can we do with an extra button?" Adding an extra function just because you happen to have one handy isn't a good excuse.  As you point out, "2FA is… something less urgent" than other things the Lab might be using its limited manpower on. Or, more correctly, unless there is some demonstrated need for it, adding 2FA to the viewer/server package is premature.  Analyze the risks, assess the need, and then work on a solution.