Why Does SL Not Have 2 Factor Authentication For Accounts?

[Qie Niangao]

10 minutes ago, Rolig Loon said:

 Or, more correctly, unless there is some demonstrated need for it, adding 2FA to the viewer/server package is premature.  Analyze the risks, assess the need, and then work on a solution.

I dunno. If most every other business that conveys fungible tokens of value, and other businesses concerned with protecting user identity are already juggling the 2FA meteorites, I think the onus would be on demonstrating why it's uniquely unnecessary for SL. 

[Rolig Loon]

3 minutes ago, Qie Niangao said:

I dunno. If most every other business that conveys fungible tokens of value, and other businesses concerned with protecting user identity are already juggling the 2FA meteorites, I think the onus would be on demonstrating why it's uniquely unnecessary for SL. 

I dunno either, frankly, but that's really my point, Qie.  Before you start applying a solution, you need to first demonstrate whether it's necessary or not.  If you begin by saying, "We have a handy solution.  I wonder if we have a problem to use it on?" you may be going to extra work or -- heaven forbid -- actually creating more problems for yourself.  To quote our apocryphal mothers, "If all your friends were jumping off the roof, would that mean it's a good idea for you to do it too?"  Maybe the answer is yes, but not unless you've thought it through and balanced the risks and benefits carefully.

[Innula Zenovka]

2 hours ago, Qie Niangao said:

Perhaps this is more challenging than I know, but it's not as if the Lab would be inventing meteorite-catching devices here; many many businesses already have some 2FA in service.

That is, however, a question for those more current in the technological underpinnings of the financial service industry: Aren't commercial 2FA solutions already available for easy integration? I suppose when resources are really tight, no integration can ever be "easy" enough, but still this can't be anywhere nearly as challenging as replacing the OpenGL graphics API (which I grant is an existential need whereas 2FA is… something less urgent).

I don't think the issue is whether 2FA solutions are easy or difficult but who should require it and when -- LL when you log in with the viewer, or Tilia if you try to buy L$ .

All I need to get into my accounts with Amazon or eBay are my account name and password, and then when I want to buy something they ask my card issuer to authorise the transaction.     The issuer then confirms it's me -- whether because I've entered my CVV number or via 2FA -- and tells  Amazon the transaction is authorised.    

Why should SL-Tilia do it differently -- that is, username and password to get into SL and then if I want to buy any L$ while I'm logged in, Tilia handle the verification with my credit card at that stage?

 

[bigmoe Whitfield]

I want 2fa on login,  Lindex purchases, ect.   I have it set like that every other place online I can.    I do not see why something I've invested so heavily in does not have it.

[Chris Corvinus]

1 hour ago, Innula Zenovka said:

I don't think the issue is whether 2FA solutions are easy or difficult but who should require it and when -- LL when you log in with the viewer, or Tilia if you try to buy L$ .

All I need to get into my accounts with Amazon or eBay are my account name and password, and then when I want to buy something they ask my card issuer to authorise the transaction.     The issuer then confirms it's me -- whether because I've entered my CVV number or via 2FA -- and tells  Amazon the transaction is authorised.    

Why should SL-Tilia do it differently -- that is, username and password to get into SL and then if I want to buy any L$ while I'm logged in, Tilia handle the verification with my credit card at that stage?

 

So someone doesn’t hack your account and take your lindens that you purchased with real life money. I mean, honestly….both Amazon and EBay support 2FA. 

[Innula Zenovka]

54 minutes ago, Chris Nova said:

So someone doesn’t hack your account and take your lindens that you purchased with real life money. I mean, honestly….both Amazon and EBay support 2FA. 

This is why I want to know how widespread a problem there is with people breaking into other people's accounts.

I want to know how often it happens, and how much money is, on average, at risk.    I mean, how much do most of us keep in our accounts to lose?   Few of us actually ever cash out at all, and certainly I generally cash out before I'm anywhere close to having more in my account than I can afford to lose.     

I suspect the dollar value actual amount of money stolen through fraudulent log-ins each year is pretty low, and the number of people affected similarly small,  when considered as a proportion of total log-ins and the size of the SL economy, and that it's probably not a problem that's worth fixing (at least not before they've fixed half a dozen more pressing issues with the viewer).   

But I don't know, because I don't think it's possible to say for sure without seeing the figures.   I'd need to know how much money is lost each year, by how many people, how much it would cost to have 2FA, how many fraudulent log ins that would prevent annually, and how much money that would save. 

LL are the only ones in who know what the figures are and are therefore the only ones in position to make an informed judgment.    While obviously their judgement is hardly infallible, they clearly don't see it as a priority, and I can't say I ever give much thought to someone breaking into my account.   

Maybe I should be more worried, but even if the worst were to happen and my SL account were to be compromised, it would be very annoying and a gross intrusion of my privacy,  but it wouldn't be anything like someone getting into my bank or credit card accounts.   It might hurt a bit if my L$s were to vanish but it wouldn't be a major crisis. 

 

Edited July 26, 2021 by Innula Zenovka

[Chris Corvinus]

11 minutes ago, Innula Zenovka said:

but it wouldn't be anything like someone getting into my bank or credit card accounts.

Nah, your bank accounts are totally fine lmao

[Rolig Loon]

The trouble is that all we have is random unverified reports.  As Innula says, there may be a huge problem out there, but there's no way for us to tell.   I suspect that if it was a really big problem that was going to cost Linden Lab big bucks each year, they'd consider 2FA or whatever method minimizes their risk enough.  There's no point in setting it up if it's only minor issue, though.  For right now, all I have is anecdotal information.  Like Innula, I have been here 14 years and never had any trouble at all, and I don't know anyone personally who has either.

[Rowan Amore]

6 minutes ago, Rolig Loon said:

The trouble is that all we have is random unverified reports.  As Innula says, there may be a huge problem out there, but there's no way for us to tell.   I suspect that if it was a really big problem that was going to cost Linden Lab big bucks each year, they'd consider 2FA or whatever method minimizes their risk enough.  There's no point in setting it up if it's only minor issue, though.  For right now, all I have is anecdotal information.  Like Innula, I have been here 14 years and never had any trouble at all, and I don't know anyone personally who has either.

Why would it cost LL anything if people had their accounts compromised?  It would be classified as a 'resident to resident' dispute, they would tell you to change your password but would they give back the RL money?

Someone logs into my SL account.  They purchase 100,000L using my payment info on file.  They transfer that to a throw away account they made.  That account cashes out using fraudulent credentials.  Deletes that account.  I am now out $400+.   Where along that line does LL lose any money?  Don't they actually make money on transaction fees?

Meanwhile, I have to dispute the charge on my credit card.  I may or may not get my money back.  

[Drenda]

37 minutes ago, Rowan Amore said:

Why would it cost LL anything if people had their accounts compromised?  It would be classified as a 'resident to resident' dispute, they would tell you to change your password but would they give back the RL money?

They would not call that a "resident to resident" dispute.  A stranger logs into your account and steals lindens and other inventory, is not a dispute, it is theft.  LL can track your account logins and transactions.  If you are quick to notice they can usually recover your lost funds.  I have known several cases of high linden balances being stolen and LL returning the lindens to the account owner.   You use this form to file a theft report:

 

[Rowan Amore]

I'm in no way asking for 2fa just to log into SL. There is no need for that IMO.  But, if you allow purchasing Ls through the viewer, then it seems it would be easy enough to have a popup window to verify before that purchase can be made.  It has always struck me as odd that you must be logged into the website AND reenter your password to purchase Ls yet that is not required for viewer purchases.  Why?

[Rowan Amore]

Just now, Drenda said:

They would not call that a "resident to resident" dispute.  A stranger logs into your account and steals lindens and other inventory, is not a dispute, it is theft.  LL can track your account logins and transactions.  If you are quick to notice they can usually recover your lost funds.  I have known several cases of high linden balances being stolen and LL returning the lindens to the account owner.   You use this form to file a theft report:

But they reimburse in Ls?  What good does that do me?  I'm still out $400.  They didn't steal MY Ls.  They purchased them using my payment info.  

[Chris Corvinus]

14 minutes ago, Rowan Amore said:

I'm in no way asking for 2fa just to log into SL. There is no need for that IMO.  But, if you allow purchasing Ls through the viewer, then it seems it would be easy enough to have a popup window to verify before that purchase can be made.  It has always struck me as odd that you must be logged into the website AND reenter your password to purchase Ls yet that is not required for viewer purchases.  Why?

And what about the people who purchase lindens through the viewer multiple times a day? Especially since LL added more “tax” on transactions over $20. That’s overkill. What isn’t is simply having a code sent to your phone or email before logging in. 

[Drenda]

2 minutes ago, Rowan Amore said:

But they reimburse in Ls?  What good does that do me?  I'm still out $400.  They didn't steal MY Ls.  They purchased them using my payment info.

I agree they should have a 2fa method, even a permanent pin code for simplicity, for Purchases from an outside USD source, and that should be part of all Viewers.  It they can't do this, eliminate the quick Market purchase option from the viewer.  But they won't do that because they make too much money on the spread with those convenient Market orders. 

For buying Lindens, you can also report fraud to your credit card company, or Paypal.  I have a bank account with an always small balance connected to Paypal, and no overdraft protection allowed.  If someone attempts to purchase lindens from my paypal through my SL viewer, they will be lucky to get $10 USD.  And I would still report it as theft to LL and my bank. But 2fa would be helpful for that case.

The more common problem is transferring Lindens from my account to other dummy accounts.  Because of the extra transfer fees, I keep a large Linden balance at times for several weeks.  I never buy Lindens because I have an inworld business that supplies my Linden balance.

2FA for account logins would help the account security issue, but gets more complicated when you login from different IP's.  Partners in RL can work in different states and login from several IPs.  What if you have different phone numbers or email at your different home and work sites?   This is another issue, and LL would need to make exceptions or waivers for these cases.

 

 

[Rowan Amore]

11 minutes ago, Chris Nova said:

And what about the people who purchase lindens through the viewer multiple times a day? Especially since LL added more “tax” on transactions over $20. That’s overkill. What isn’t is simply having a code sent to your phone or email before logging in. 

A lot of people, including me, see no reason for 2fa simply to log into SL.  If I make several purchases of Ls during one day, I'd have no issue with verifying for each one.  It wouldn't be that big of a deal to me.  I never carry a large balance of Ls.  If someone were to get into my account, they would get less than 2000L on any given day.  As was mentioned, LL would reimburse those and even if they didn't, I'd be out less.than $10.

 

[Innula Zenovka]

1 hour ago, Chris Nova said:

Nah, your bank accounts are totally fine lmao

That, I see, was a debit card attached to her bank account, which would necessarily be less secure than a credit card.    I'm surprised that she didn't at least have to enter her CVV number manually, but it seems it's  not for cards like that.    So that's the difference between her and Cristiano's friend whose account was broken into but the thief couldn't get into Tilia.

We don't know what happened in the end -- at  the time of her final update, LL were being very helpful and it's unclear whether the $1700 actually left her account -- but I don't think this is a typical case by any means.

Furthermore, and while I'm not trying to blame her for what happened to her, I think that If you go though the story, you'll see that she admits she was somewhat careless, to say the least, in her approach to account security.

This is not a typical case, I think, and I don't think it's safe to base many general assumptions on it.

[Rowan Amore]

8 minutes ago, Innula Zenovka said:

That, I see, was a debit card attached to her bank account, which would necessarily be less secure than a credit card.    I'm surprised that she didn't at least have to enter her CVV number manually, but it seems it's  not for cards like that.    So that's the difference between her and Cristiano's friend whose account was broken into but the thief couldn't get into Tilia.

We don't know what happened in the end -- at  the time of her final update, LL were being very helpful and it's unclear whether the $1700 actually left her account -- but I don't think this is a typical case by any means.

Furthermore, and while I'm not trying to blame her for what happened to her, I think that If you go though the story, you'll see that she admits she was somewhat careless, to say the least, in her approach to account security.

This is not a typical case, I think, and I don't think it's safe to base many general assumptions on it.

CVV numbers are most definitely on debt cards.  No where does it ask for that when purchasing Ls.  Neither with a credit or debit card.  Perhaps, instead of having 2fa, they could require that when making a Lindens purchase.

[Innula Zenovka]

2 minutes ago, Rowan Amore said:

CVV numbers are most definitely on debt cards.  No where does it ask for that when purchasing Ls.  Neither with a credit or debit card.  Perhaps, instead of having 2fa, they could require that when making a Lindens purchase.

I wonder how the thief was able to buy L$ with her card but whoever broke into Cristiano's friend's account was unsuccessful.  

[Solar Legion]

2FA solution for those who want it: Require it for Website log in/L$ Purchase through the Market (or direct item purchase through the MP) .... and - get this - shut off the ability to purchase L$ using any of your existing payment methods, through the Viewer.

[Chris Corvinus]

30 minutes ago, Innula Zenovka said:

That, I see, was a debit card attached to her bank account, which would necessarily be less secure than a credit card.    I'm surprised that she didn't at least have to enter her CVV number manually, but it seems it's  not for cards like that.    So that's the difference between her and Cristiano's friend whose account was broken into but the thief couldn't get into Tilia.

We don't know what happened in the end -- at  the time of her final update, LL were being very helpful and it's unclear whether the $1700 actually left her account -- but I don't think this is a typical case by any means.

Furthermore, and while I'm not trying to blame her for what happened to her, I think that If you go though the story, you'll see that she admits she was somewhat careless, to say the least, in her approach to account security.

This is not a typical case, I think, and I don't think it's safe to base many general assumptions on it.

2FA would have prevented the hacker from gaining access regardless of her clicking random links. 

[Alwin Alcott]

2 hours ago, Chris Nova said:

And what about the people who purchase lindens through the viewer multiple times a day? Especially since LL added more “tax” on transactions over $20.

both are easy to prevent... buy in one time at the accountpage ( you can disable buy in the viewer (!) )
And buy several times a day to prevent higher fees ... well the amounts i mostly bought, i doubled those... and the fees are also nearly double... so multiple times is often only a trick to make yourself feel better, but you pay nearly the same.
( btw i'm not against 2FA but not for login .. )
2nd btw .. most people get phished, not hacked. The difference isn't only in name, but also who to blame.

Edited July 26, 2021 by Alwin Alcott

[Chris Corvinus]

4 minutes ago, Alwin Alcott said:

most people get phished, not hacked. The difference isn't only in name, but also who to blame.

Hacking, phishing, I don’t care. It all ends with someone else accessing your account which I’ve already said would not happen if 2FA was enabled.

[Coffee Pancake]

11 minutes ago, Chris Nova said:

Hacking, phishing, I don’t care. It all ends with someone else accessing your account which I’ve already said would not happen if 2FA was enabled.

2FA is not a panacea, it does not alone prevent any of those things happening, it just adds extra steps that an attacker may find difficult to accomplish.

Difficult is far from impossible.

[Chris Corvinus]

13 minutes ago, Coffee Pancake said:

2FA is not a panacea, it does not alone prevent any of those things happening, it just adds extra steps that an attacker may find difficult to accomplish.

Difficult is far from impossible.

I'm assuming the person hasnt clicked any suspicious links on their phone either. But generally when an attacker tries to access someone's account (that is 2FA enabled) from a different location, that person would get a sms code sent to their phone, hindering the attacker. You already know how it works.

[Cristiano Midnight]

1 hour ago, Coffee Pancake said:

2FA is not a panacea, it does not alone prevent any of those things happening, it just adds extra steps that an attacker may find difficult to accomplish.

Difficult is far from impossible.

Of course it is not a panacea. Locks on doors aren't a panacea either - a determined person will get in, but it doesn't mean that it is not worth having locks.