Jump to content

MULTI FACTOR AUTHENTICATION !!


Recommended Posts

I stay qualified by calling my answering machine on my Google Voice number, and leaving a message that you have just won a free Hawaiian vacation and $5000 spending money.  I list the callback number as my smartphone.  Warning, there are catches to that deal - I think it's a scam.

 

Link to comment
Share on other sites

11 minutes ago, Silent Mistwalker said:

Been there done that. Who am I going to call? There is no one for me to call. You have to make at least one phone call per month. I doubt they will let me get it back even though I was going through health issues.

I don't pay for the home phone. 

(If it were t come down to it- time & temp!)  Orrrrr: ….. yes these are really real- imma nerd so I’ve called them in the past….

D7C60ADF-B5E7-438D-B082-EC998F90302B.jpeg

067F11B2-6271-4B02-838A-EA93BB41ECA3.jpeg

Link to comment
Share on other sites

1 hour ago, Silent Mistwalker said:

What I'd like to know is where am I supposed to get the money to buy a phone with in the first place? I have a home phone. That's all I can afford.

I get that completely, wasn't that long ago I was picking between buying ramen for a week and paying rent, my whole life fit in two suitcases (that I didn't own).

People upgrade cell phones & tablets all the time, the old ones just end up in a drawer12.

Older Apple are nicer, but they come with a huge caveat that you might not be able to install software from the app store you don't already have a license for if the phones OS is no longer supported. Android based (Inc Amazon) don't tend to have this problem.

You don't need a smart phone to be a phone, just hang it off your home wifi and everything will just work (it will still be able to make emergency calls). Older Android don't tend to hold their value either. A hand me down device is perfectly fine for this use case.

  • Haha 1
Link to comment
Share on other sites

In mine country you can do nothing with that authentication, even at work if there is very secure data.

We dont use MS stuff bc it isnt safe. We use digital ID or Smart ID or Mobile ID. Even banks ask them.

Messing with camera and scanning codes ..... it is so annoying and makes life complicated if your mobile gets lost or broke.

Digital ID works everywhere without any installing from MS / what already is unsecure/and  every session is unique.

  • Haha 3
Link to comment
Share on other sites

9 minutes ago, Vihmakass said:

In mine country you can do nothing with that authentication, even at work if there is very secure data.

We dont use MS stuff bc it isnt safe. We use digital ID or Smart ID or Mobile ID. Even banks ask them.

Messing with camera and scanning codes ..... it is so annoying and makes life complicated if your mobile gets lost or broke.

Digital ID works everywhere without any installing from MS / what already is unsecure/and  every session is unique.

Oh for ....

2FA/MFA has incredibly little to do with Microsoft - they are just one of many software side avenues to get a 2FA/MFA application from.

All of that being quite beside the points some have been making here - both for and against.

ETA: If by some chance you were meaning text based 2FA, that's SMS or MMS.

Edited by Solar Legion
Link to comment
Share on other sites

6 minutes ago, Solar Legion said:

Oh for ....

2FA/MFA has incredibly little to do with Microsoft - they are just one of many software side avenues to get a 2FA/MFA application from.

All of that being quite beside the points some have been making here - both for and against.

"If you don't already have an authenticator app on your mobile device, install the authenticator app of your choice.

  • Most authenticator apps, like Microsoft Authenticator or Google Authenticator, are free and available in your device's app store, and are regularly kept up to date with automatic updates."
  • Thanks 2
  • Haha 2
Link to comment
Share on other sites

I don't think many people would feel comfortable with DigitalID, at least from what I understand of it.  There was a thread here earlier regarding having people's real ID linked to their SL account, and it was not popular.  With mfa, there is no need to link your real ID with SL.  No real need for a mobile device, really.  I tried it using WinAuth on Windows 10 and it ran fine, you just need to decode the QR code and put it in your favorite authenticator app, and it should work fine.  

 

Link to comment
Share on other sites

Just now, Vihmakass said:

"If you don't already have an authenticator app on your mobile device, install the authenticator app of your choice.

  • Most authenticator apps, like Microsoft Authenticator or Google Authenticator, are free and available in your device's app store, and are regularly kept up to date with automatic updates."

And? Two, rather common place suggestions for Authenticator applications. Nothing more than that.

So again,

Quote

2FA/MFA has incredibly little to do with Microsoft - they are just one of many software side avenues to get a 2FA/MFA application from.

All you've listed are alternative application "solutions" - all of which are downloaded.

Link to comment
Share on other sites

I bet you dont know what digital ID is. It is given to me by our goverment, not by MS or other company.

Thru it i get all what is needed. It is legal official passport, just in digital form.

We even vote with it online. So it can allow me be anonymous too still verify me.

Edited by Vihmakass
  • Haha 2
Link to comment
Share on other sites

10 minutes ago, Vihmakass said:

I bet you dont know what digital ID is. It is given to me by our goverment, not by MS or other company.

Thru it i get all what is needed. It is legal official passport, just in digital form.

We even vote with it online.

And? SmartIDMobileID.

They're application based authenticators - tied to a form of government ID (an incredibly foolish idea).

Your country as a whole does not use 2FA/MFA but instead uses the above applications or similar? Congratulations - they're fooling themselves into thinking their method is any more secure than existing authentication.

That said, not much use going around and around on this one - Linden Lab took the road they took. Including going about implementation that is backwards (securing individual sections/leaving certain ones at risk).

And as another poster has mentioned: This entire thread could be skimmed by someone unsavory that is looking for targets/loopholes.

Congratulations to a few that went and pointed them out - here and elsewhere. Cat's out of the bag there now isn't it?

Edited by Solar Legion
Link to comment
Share on other sites

9 minutes ago, Solar Legion said:

And? SmartIDMobileID.

They're application based authenticators - tied to a form of government ID (an incredibly foolish idea).

Your country as a whole does not use 2FA/MFA but instead uses the above applications or similar? Congratulations - they're fooling themselves into thinking their method is any more secure than existing authentication.

Nope they doesnt form digital ID FROM those applications. Digital ID is completely dif thing

And yes you can tie SmartID and mobile ID with it but not vice versa. I can tie many things with it but aplications what i tie doesnt get mine personal data like you think.

Edited by Vihmakass
  • Haha 2
Link to comment
Share on other sites

11 hours ago, Sid Nagy said:

Therefore the moment LL forces me to put an identification app for them on my smartphone, I'm done with SL.

I already had an authenticator app on my phone as I need it for some of the work web sites.  So all I had to do was pair SL with that app.

Link to comment
Share on other sites

These are the current problems that I see - not sure if LL considers them issues or not, so will open a JIRA to confirm.

I can close the tab; leave it closed for a bit; open a new tab; go back to my Dashboard and I can still get to all financial pages without needing a new token.  

I can leave the tab open all night and on the next day the token has not expired and I can still get to all financial pages.

No token required to Buy L$ or to get to my LindeX Order History.

Link to comment
Share on other sites

7 minutes ago, LittleMe Jewell said:

These are the current problems that I see - not sure if LL considers them issues or not, so will open a JIRA to confirm.

I can close the tab; leave it closed for a bit; open a new tab; go back to my Dashboard and I can still get to all financial pages without needing a new token.  

I can leave the tab open all night and on the next day the token has not expired and I can still get to all financial pages.

No token required to Buy L$ or to get to my LindeX Order History.

I have noticed the same thing. The current authentication time out is way too long and does not apply adequately to enough pages. If you can get a session that's open it seems that you can even change your password without having to confirm through your token. I am planning to add Jira as well.

Link to comment
Share on other sites

1 hour ago, Iggy UwU said:

this should have been added way sooner. i am kind of glad they did this as an option if you want to secure your account more.

At least it's an option. For the casual SLer --- the current tried and true way of logging in will suffice. For those who merchant and run stores and such, this will help secure their things.

13 minutes ago, LittleMe Jewell said:

These are the current problems that I see - not sure if LL considers them issues or not, so will open a JIRA to confirm.

I can close the tab; leave it closed for a bit; open a new tab; go back to my Dashboard and I can still get to all financial pages without needing a new token.  

I can leave the tab open all night and on the next day the token has not expired and I can still get to all financial pages.

No token required to Buy L$ or to get to my LindeX Order History.

I think the bugs are still getting worked out.  Remember, we're guinea pigs as the developers really don't find out bugs until something is release to the masses.

  • Like 1
Link to comment
Share on other sites

Try to change your password and see if the token pops up, it does for me every time I open a new browser.  In fact, everything I have tried so far under the account listing on secondlife.com asks for the token for the first time upon opening the browser.  If I close out of the tab and go back, it will still open without asking for a token.  But if I close out of my browser and come back in, it will ask again.  I have my browser set to delete history, cookies, etc upon closing.

Edited by Istelathis
Link to comment
Share on other sites

4 minutes ago, Istelathis said:

Try to change your password and see if the token pops up, it does for me every time I open a new browser.  In fact, everything I have tried so far under the account listing on secondlife.com asks for the token for the first time upon opening the browser.  If I close out of the tab and go back, it will still open without asking for a token.  But if I close out of my browser and come back in, it will ask again.  I have my browser set to delete history, cookies, etc upon closing.

I never close my browsers unless I am rebooting my computer -- which only happens when Windows gets really pushy about installing an update.

 

Link to comment
Share on other sites

I think it might ask again if you log in incognito mode.  I just tried it with brave, while keeping this session open and signed in to mfa and it asked me to put it back in on the private session.  

Edited by Istelathis
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...