Jump to content

2FA when?


Recommended Posts

I'm not looking for arguments from other people on this,  it's getting to the point where I need everything I 2fa/3fa,  I work in a private sector that deals in certain items and we have several physical tokens to login with bio-metrics,  I'm used to level of security and SL is my only social outlet because of the hours I have to keep,  so I want every account I use to be super secure @Kristen Linden @Monty Linden any news on the progress?  

  • Thanks 1
  • Haha 1
Link to comment
Share on other sites

3 hours ago, bigmoe Whitfield said:

@Klytyna   whats so funny?  because I want and need the extra security in this day and age?  I'm not going to be accepting much less from any company soon,  2fa/3fa has to become a standard and used by every one even if they do not think they will ever need it.  

Klytyna gives free forum points!  Probably not the intent, but is the overall result.  Some people get upset about all the laughing.  Don't.  It's like they have cans and cans of laugh-track they are trying to purge.  A quick glance at their post history, which ended December 27, 2018, leads me to suspect "cat's got their tongue".  Will the "cat" ever give it back?  Unlikely.

  • Haha 1
Link to comment
Share on other sites

1 minute ago, HunniHope said:

2FA is something LL are working on. It came up at the last Web User Group (Aug 4th) but i cant remember if there was any more news

I really hope its opt-in.

  • Like 1
Link to comment
Share on other sites

14 minutes ago, Sammy Huntsman said:

I honest want 2fa, so I can better protect my SL account. I do it with everything else and feel at ease with it. I want to be able to do it with my SL account too. 

Good for you, I don't. 14 years and 2 month make feel at ease without f2a e-mail spam.

  • Like 1
Link to comment
Share on other sites

1 minute ago, So Whimsy said:

Good for you, I don't. 14 years and 2 month make feel at ease without f2a e-mail spam.

I don't get F2A spam at all. Unless someone tries to login into my account. Hell I have it setup, where i also get a text letting me know that as well. I would rather that, than have someone gaining access to my account. 

Link to comment
Share on other sites

1 minute ago, Sammy Huntsman said:

I don't get F2A spam at all. Unless someone tries to login into my account. Hell I have it setup, where i also get a text letting me know that as well. I would rather that, than have someone gaining access to my account. 

The f2a I have been faced with in various MMORPG's always send me a mail with a code I need to provide upon log in. That's what I don't want and so far we don't know just how they will implement f2a, right?

  • Like 1
Link to comment
Share on other sites

19 hours ago, So Whimsy said:

I really hope its opt-in.

you do realize at some point, you will have zero choices for opt-in, as it's becoming the norm and will be at some point either you use it, or you are not going to be able to use services,  I wish people would stop trying to fight security.

  • Haha 2
Link to comment
Share on other sites

19 hours ago, So Whimsy said:

The f2a I have been faced with in various MMORPG's always send me a mail with a code I need to provide upon log in. That's what I don't want and so far we don't know just how they will implement f2a, right?

Yeah, but an email sure beats the hell out of trying to log in one day and finding you can't because someone else has your account.

Just because you've not had your account compromised yet, doesn't mean it can't or won't happen.

 

Oh .. and you do use different strong passwords for everything, right?

  • Like 1
  • Haha 1
Link to comment
Share on other sites

1 hour ago, bigmoe Whitfield said:

you do realize at some point, you will have zero choices for opt-in, as it's becoming the norm and will be at some point either you use it, or you are not going to be able to use services,  I wish people would stop trying to fight security.

If it's not opt-in or opt-out I'll find myself logging into SL less just like with those MMO's, some of which I even de-installed because it was annoying as heck.

1 hour ago, Coffee Pancake said:

Oh .. and you do use different strong passwords for everything, right?

Absolutely.

  • Like 1
Link to comment
Share on other sites

On 8/18/2021 at 4:21 PM, bigmoe Whitfield said:

you do realize at some point, you will have zero choices for opt-in, as it's becoming the norm and will be at some point either you use it, or you are not going to be able to use services,  I wish people would stop trying to fight security.

Which services would those be then? You already hinted you are in some sort of private sector hive that is all security all the time - so tell me. Which 'services' that you and your corporate provide will they be?

As always, response to this is - 'opt in yeah whatever. obligatory well now - show me how its going to be done. all of it. including all actors. all of them with traceable paths =^^='

  • Thanks 1
Link to comment
Share on other sites

5 hours ago, sirhc DeSantis said:

Which services would those be then? You already hinted you are in some sort of private sector hive that is all security all the time - so tell me. Which 'services' that you and your corporate provide will they be?

As always, response to this is - 'opt in yeah whatever. obligatory well now - show me how its going to be done. all of it. including all actors. all of them with traceable paths =^^='

we use a 2fa/3fa combination currently,  these are self rolled with google auth behind them,  that's all I'm legally allowed to say, several federal level nda's on my butt here.

  • Haha 1
Link to comment
Share on other sites

Well, also, it's not because you have a strong password that someone can't get it. If for some reasons you get a keylogger on your computer and the person get your password, it can be strong as hell, it won't make a difference and that's where 2fa is super useful. I'm waiting for it too. 

Link to comment
Share on other sites

  • 1 month later...
42 minutes ago, Alwin Alcott said:

it's not even possible to delete your account by that button :)  just close the access.

It deactivates the account at first and involves having to engage LL support to try and get it back.. That page should be blocked by 2FA regardless. Say someone malicious manages to steal the current password to an account, then out of spite because they cant change the password or do other things to it, they delete the account. Then the legit owner of the account has to then go through all the hassle with support to try and get their account back (even worse, if its left deactivated long enough, the accounts inventory will be purged)... Easier and better to just protect that page to save someone having to go through the hassle.

I was surprised on how LL implemented this actually, I would have thought they would just prevent account login entirely without 2FA, rather than just protect a subset of functions after logging in.

  • Haha 1
Link to comment
Share on other sites

9 minutes ago, mygoditsfullofstars said:

I was surprised on how LL implemented this actually, I would have thought they would just prevent account login entirely without 2FA, rather than just protect a subset of functions after logging in.

Not surprised At All. And warned people that it would likely not be implemented properly - at a minimum.

  • Thanks 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...