Jump to content

Why Does SL Not Have 2 Factor Authentication For Accounts?

Cristiano Midnight
 Share
You are about to reply to a thread that has been inactive for 998 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

Solar Legion

Solar Legion

Posted
Posted
1 hour ago, Silent Mistwalker said:

Thank you. I'll never buy Ls again since I only ever purchased them through the viewer. Don't give a damn what any one says about the exchange. That is MY preferred method and I will NOT change it for anyone just because they think they know what is best for me. 

Read what I wrote a second time - you're reacting/responding to something that was not said.

I said: Allow for 2FA for the Website and for those truly concerned about it, they can shut off purchase through the Viewer. Not for Linden Lab to remove the option.

Link to comment
Share on other sites
  • Replies 149
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Cristiano Midnight
Cristiano Midnight

After 18 years, why does SL still not have the basic account security feature of 2 factor authentication? Considering that our accounts involve financial transactions, not having two factor authentica

Rolig Loon
Rolig Loon

Every year, 40,000 tons of meteoritic debris hit the Earth. Some meteorites are very large and can cause significant damage.  The Tunguska meteorite that struck Siberia in 1908, for example, flattened

Kimmi Zehetbauer
Kimmi Zehetbauer

Sadly it will not stop scams as some people fall for the phishing schemes.

Posted Images

Drenda

Drenda

Posted
Posted (edited)

My main concern is how the 2fa, assuming it is a temporary code good for only minutes, would be sent out for accounts that DO log in from different IPs and geographic locations.  Just because no one here does that, does not mean it never legitimately happens.  Some people have more complicated RL lives and travel and work elsewhere beside home, and need a reliable 2fa method that includes them.

When you are given options for a 2fa method of contact, LL should allow at least 4 telephone numbers, portable or fixed for voice and/or SMS text.  They should also allow at least 2 email accounts for verification.  You can not always couple and forward e-mail accounts.  And they should always allow multiple IP's, with 2fa triggered only when the IP changes as mentioned earlier.

When a menu pops up when you try to log in, or buy Lindens, it should have check off boxes on the different ways to notify you, and these can be changed within your selected 2fa methods at any time.  This is already standard with many financial institutions, before you log in from a new IP, or a new computer (eg different cookie stored).  Of course this will be a few extra steps and many will complain, or get locked out of their account.  LL should be prepared to increase their support staff to help locked out residents.  At the present time, if you have any support problem after about 5pm slt Friday until 7am slt Monday, you are SOL.   So this is not so simple as some think it is to implement fairly...

 

 

Edited by Drenda
  • Thanks 1
Link to comment
Share on other sites
Silent Mistwalker

Silent Mistwalker

Posted
Posted
34 minutes ago, Solar Legion said:

Read what I wrote a second time - you're reacting/responding to something that was not said.

I said: Allow for 2FA for the Website and for those truly concerned about it, they can shut off purchase through the Viewer. Not for Linden Lab to remove the option.

 

Thanks for telling me what I was thinking even though it isn't what I was thinking. SL isn't worth all this bs.

Link to comment
Share on other sites
sirhc DeSantis

sirhc DeSantis

Posted
Posted
6 hours ago, Chris Nova said:

Of course they are not the same but both have the goal of obtaining information and in that way, they are related. Making 2FA optional allows idiots to keep being idiots and the rest of us the option to add a layer of protection for our accounts that we all know works.

First thing you ever posted  that I agree with. Optional, not a prob

Else the gentle holy power of Digital Darwinism can never teach those that need it most.

  • Like 1
Link to comment
Share on other sites
Coffee Pancake

Coffee Pancake

Posted
Posted
14 minutes ago, So Whimsy said:

I'd prefer it to be optional. I'd like to go without 365 code e-mails per year.

We'd all prefer to not need security (even the performative kind), but that's not the world we live in.

Door locks are easily picked with a little skill and the right tool, yet we still lock our doors and for the most part, the expectation that doors are locked is sufficient to deter most intrusion attempts.

1 minute ago, Silent Mistwalker said:

SL isn't worth all this bs.

To you.

  • Like 1
Link to comment
Share on other sites
Solar Legion

Solar Legion

Posted
Posted
13 minutes ago, Silent Mistwalker said:

 

Thanks for telling me what I was thinking even though it isn't what I was thinking. SL isn't worth all this bs.

Ah yes, because pointing out that the quoted reaction made no sense to what was said is so telling you what you were thinking .....

  • Thanks 1
Link to comment
Share on other sites
Love Zhaoying

Love Zhaoying

Posted
Posted

This may seem specious, stupid, or both, but: I do not consider the only 2FA method is sending an SMS. Email a one-time link, click on the link. 

For those of you who are without SMS / cell message service, what horrible dystopian future can come from this alternative using emails instead? - Wait, you don't have email? Now I'm stumped.

 

Link to comment
Share on other sites
Silent Mistwalker

Silent Mistwalker

Posted
Posted
18 minutes ago, Love Zhaoying said:

For those of you who are without SMS / cell message service, what horrible dystopian future can come from this alternative using emails instead? - Wait, you don't have email? Now I'm stumped.

3 hours ago, Silent Mistwalker said:

Emails don't always arrive in a timely manner. I don't know of anyone who would want to have to wait 3 days for an email just to log into the grid only to have the code in the email expire before it ever arrives. Had that happen many times (not for SL obviously).

  • Thanks 2
  • Confused 1
  • Sad 1
Link to comment
Share on other sites
Love Zhaoying

Love Zhaoying

Posted
Posted
26 minutes ago, Rowan Amore said:

Most of the ones I've received have had a land line option.  Or a phone number option that then says "send as text or voicemail".

Idea: an IoT button to press!!!! (Connects to your home wireless, only press to confirm 2FA for SL.)

Link to comment
Share on other sites
Silent Mistwalker

Silent Mistwalker

Posted
Posted
1 hour ago, Love Zhaoying said:

IKR? I'd blame LL though, if past emails (or lack of) is any indication. 
Sorry @Silent Mistwalker, for not seeing your coverage on emails. 

It's not my email service. I've had the same email for over 20 years. It's like the post office where I live. Mail something in town going across town first thing Monday morning and it might get there by Friday. Incoming snail mail from out of state? You might see it within 30 days, if you see it at all. And that is all first class mail which should be delivered overnight with the exception of mail coming from out of state.

Thank you. Now go hug those furbabies.

Link to comment
Share on other sites
Innula Zenovka

Innula Zenovka

Posted
Posted
8 hours ago, Silent Mistwalker said:

Landline can't be tied up during husband's work hours since he works from home.

 

Whenever I used to use the phone call option, which I had to before I got a decent smartphone, the call usually followed within a minute or so (at most) and lasted only a matter of seconds. 

But I agree.  While it sounds as if LL might consider introducing 2FA at the point which you try to buy L$ in the viewer, or at least tightening up the security there, 2FA to get into SL is overkill, and fixing the wrong problem.

 

  • Like 5
Link to comment
Share on other sites
Silent Mistwalker

Silent Mistwalker

Posted
Posted
4 minutes ago, Innula Zenovka said:

Whenever I used to use the phone call option, which I had to before I got a decent smartphone, the call usually followed within a minute or so (at most) and lasted only a matter of seconds. 

But I agree.  While it sounds as if LL might consider introducing 2FA at the point which you try to buy L$ in the viewer, or at least tightening up the security there, 2FA to get into SL is overkill, and fixing the wrong problem.

 

I get the feeling I'm not making things quite clear. I don't own a cell phone and there isn't one in my future. I can not use the landline for any reason during his working hours other than an emergency. SL will never be an emergency. 

That is my point really. Forcing 2fa just for logging into the grid does nothing to fix the actual problem. The more hoops people have to jump through to log in, the less they will log in. Some may even stop logging in altogether. I guess retention is no longer important in today's world since there are billions of customers to take our places. For now.

  • Like 1
  • Thanks 2
Link to comment
Share on other sites
Chris Corvinus

Chris Corvinus

Posted
Posted (edited)
10 minutes ago, Silent Mistwalker said:

I get the feeling I'm not making things quite clear. I don't own a cell phone and there isn't one in my future. I can not use the landline for any reason during his working hours other than an emergency. SL will never be an emergency. 

That is my point really. Forcing 2fa just for logging into the grid does nothing to fix the actual problem. The more hoops people have to jump through to log in, the less they will log in. Some may even stop logging in altogether. I guess retention is no longer important in today's world since there are billions of customers to take our places. For now.

I’m sorry you’re in that situation but I value security over someone else unable to log in for whatever reason. Can’t accommodate everybody. Fact is, LL doesn’t have anything in place to protect their users data other than a password and that’s not enough. And it takes seconds to get a code and copy it over to log in. That’s not even a hoop. 

Edited by Chris Nova
  • Haha 1
Link to comment
Share on other sites
Silent Mistwalker

Silent Mistwalker

Posted
Posted
4 minutes ago, Chris Nova said:

I’m sorry you’re in that situation but I value security over someone else unable to log in for whatever reason. Can’t accommodate everybody. Fact is, LL doesn’t have anything in place to protect their users data other than a password and that’s not enough. And it takes seconds to get a code and copy it over to log in. That’s not even a hoop. 

Did I say I didn't want 2fa at all? NO. JFC.

Fine. Have at it. It's all yours. Have fun with the 5 other people that want SL all to themselves.

  • Like 2
  • Haha 1
Link to comment
Share on other sites
Kimmi Zehetbauer

Kimmi Zehetbauer

Posted
Posted
28 minutes ago, Silent Mistwalker said:

Did I say I didn't want 2fa at all? NO. JFC.

Fine. Have at it. It's all yours. Have fun with the 5 other people that want SL all to themselves.

It needs to be an opt-in basis. Those who want it --- can have it. Those who don't want it just leave them alone and let them log into SL like they have been doing since it existed.

Talking to someone who services the systems at my bar 90% of the "hacks" are people falling for phishing links.

  • Like 5
  • Thanks 1
Link to comment
Share on other sites
Chris Corvinus

Chris Corvinus

Posted
Posted
31 minutes ago, Silent Mistwalker said:

Did I say I didn't want 2fa at all? NO. JFC.

Fine. Have at it. It's all yours. Have fun with the 5 other people that want SL all to themselves.

So dramatic! I support opt-in. That means you and others like you dont have to worry about it if you don't want it. Its really that simple. You will always be able to log into SL so chill.

 

Link to comment
Share on other sites
Drayke Newall

Drayke Newall

Posted
Posted (edited)
10 hours ago, Coffee Pancake said:

Remove payment info on file/used markers entirely

This should have been done a decade ago. Second Life is the only program/game/platform or what have you that firstly, advertises half your login details (username) and secondly advertises to the world that you have a bank account, paypal, or card attached to that account with "payment info on file" in the profile.

10 hours ago, Coffee Pancake said:

Social "sticks" should be employed & can be coupled to measures intended to reduce the more egregious uses for throw away accounts. Accounts without 2FA don't get full access to create a profile, no pictures, no picks, no website links, daily caps on ability to join groups, receiving L$ from other avatars, etc .. basically all the anti grief, harassment, group botting things we have been after for years.

AGAIN - There should be no reason why everyone couldn't pick and use one of the 2FA schemes with their account.

I'm not sure if your being sarcastic here or not?

Such a move would see LL user count plummet overnight and ruin what little rep they still have. Removing perks from accounts because some people want 2FA and others dont is insane and would be a first on the entire internet. It is equivalent to Google saying 2FA is optional (it is) but if you want to send emails or not have a cap on how many searches you can do you must get 2FA. I'm sure Microsoft (Bing) will rub their hands with glee if Google did something as stupid as you suggest LL to do.

What happens if a person has a premium account but doesn't want 2FA? Do they then also loose access to those things as well despite paying for it and if not then what incentive is there to have 2FA for people more likely to have large sums of money than a basic user in there account?

As to saying there shouldn't be a reason why... how about simply a person not wanting to use one at all?

10 hours ago, Coffee Pancake said:

Just look at what steam (for example) does and copy that verbatim.

LOL... What does Steam do exactly that LL dont? I can purchase a game without 2FA, I can log in without 2FA, I can get RL money in my steam wallet without 2FA, I can trade on the community market for RL cash without 2FA, I can pay for subscriptions via steam (even from another game companies website) without 2FA, the list goes on. I can also save my payment details just like I can with SL and never have to input my CCV Number again. Additionally, the only time a 2FA code is sent is if you have a different geo-location or login from a new device, this is known as SteamGuard.

Steam offers no email or phone or SMS 2FA options. They have "Steam Guard Mobile Authenticator" which is optional and THE only way for any form of 2FA and requires you to have a mobile phone and download the app. Loose your phone or cant access it due to damage and you have to use a code that you are given when you get the Authenticator of which you have to find on a scrap of paper you wrote it down on because you forgot it.

People on Steam have more value on their accounts than most Second Life user accounts yet Steam a much larger company than LL (and 99.9% of other companies) doesn't offer the security measures and enforcement measures people in this thread is suggesting LL to do.

:EDIT:

If people are so hell bent on 2FA for SL it needs to be entirely optional, with no incentives (i.e. extra perks or lindens) and no disincentives if a person doesn't want to use it. Any incentives offered like in other games cannot work with second life due to RL money linkage and as for disincentives, I have never come across any 2FA with a disincentive as I dont think any company is stupid enough to even try such a thing.

Edited by Drayke Newall
  • Thanks 2
Link to comment
Share on other sites
Coffee Pancake

Coffee Pancake

Posted
Posted
15 minutes ago, Drayke Newall said:

I'm not sure if your being sarcastic here or not?

Such a move would see LL user count plummet overnight and ruin what little rep they still have. Removing perks from accounts because some people want 2FA and others dont is insane and would be a first on the entire internet. It is equivalent to Google saying 2FA is optional (it is) but if you want to send emails or not have a cap on how many searches you can do you must get 2FA. I'm sure Microsoft (Bing) will rub their hands with glee if Google did something as stupid as you suggest LL to do.

Don't fall into the trap of thinking anything purchased in SL (or on steam) has any actual value regardless of what it might have cost to collect. Digital purchases for the most part are worthless beyond the enjoyment they bring their owner.

2FA shouldn't be in the slightest way optional IMO. This isn't about protecting your account or your virtual stuff, it's about adding one more step between an avatar and a bank account / credit card. 

No one is going to stop making or trading in SL if a requirement of buying L$ or cashing out is they need to type in a code from an email or poke an app on their phone. We should have been doing this for years already.

If you intentionally don't have that RL financial link in place, then sure, 2FA is mostly just extra steps - the one notable exception being it will alert you to your account being compromised should you receive an unexpected authentication request.

 

 

 

Link to comment
Share on other sites
You are about to reply to a thread that has been inactive for 998 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...