Jump to content

MULTI FACTOR AUTHENTICATION !!


Coffee Pancake
 Share

You are about to reply to a thread that has been inactive for 909 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

23 minutes ago, Chris Nova said:

That whole situation saddens me. I cancelled my sub, cancelled my D2 preorder, and am playing GW2 now until Blizz gets their crap together. They are currently fixing things in games to appease people when they should be focusing more on their actual employees. That whole thing just….annoys me. No king reigns forever. 
 

Sorry I got the topic off track but I needed to say that. Carry on.

Just keep with GW2...  : )  (biased)

Link to comment
Share on other sites

Just now, LittleMe Jewell said:

Nope and haven't closed the browser tab either -- though I did close it day before yesterday and that also did not force expire the token.

IMO - If the token never expires when the browser tab is closed or after some (hopefully fairly short) amount of time, then the 2FA is somewhat broken.  

 

I don't disagree that it is somewhat broken but try rebooting and see if that doesn't "cancel" the active token. A detail that LL might need to know.

Link to comment
Share on other sites

3 minutes ago, LittleMe Jewell said:

Nope and haven't closed the browser tab either -- though I did close it day before yesterday and that also did not force expire the token.

IMO - If the token never expires when the browser tab is closed or after some (hopefully fairly short) amount of time, then the 2FA is somewhat broken.  

 

2 minutes ago, Silent Mistwalker said:

 

I don't disagree that it is somewhat broken but try rebooting and see if that doesn't "cancel" the active token. A detail that LL might need to know.

Reboots don't even nuke the 2FA tokens for some banks, GitHub and other places. Only certain system or browser updates or the cookie timer.

Link to comment
Share on other sites

I did open a JIRA telling LL that the token does not get expired when the browser tab is closed, when I log out, or after any amount of time staying logged in.  They closed the JIRA as "expected behavior".

They did say that the cookie is set to expire after 30 days.  They also said I could actually log out and that would do it -- but it doesn't.

*sigh*

 

Edited by LittleMe Jewell
  • Like 1
  • Sad 3
Link to comment
Share on other sites

36 minutes ago, Chris Nova said:

Oh, I’m having a blast! Only thing I don’t like are the mounts being available at 80. My legs are so tired 😂

If you have a chance, give FFXIV a shot as well.  I found it to be an amazing game, and the story was great.  The first 60 levels are free, and provides a few dozen hours of gameplay.  I think I was around 6 days of playtime before I finished the main story quests.

Link to comment
Share on other sites

34 minutes ago, LittleMe Jewell said:

I did open a JIRA telling LL that the token does not get expired when the browser tab is closed, when I log out, or after any amount of time staying logged in.  They closed the JIRA as "expected behavior".

They did say that the cookie is set to expire after 30 days.  They also said I could actually log out and that would do it -- but it doesn't.

*sigh*

 

Log out aside, the part in bold is indeed expected behavior. It is the default.

  • Sad 1
Link to comment
Share on other sites

2 hours ago, LittleMe Jewell said:

I did open a JIRA telling LL that the token does not get expired when the browser tab is closed, when I log out, or after any amount of time staying logged in.  They closed the JIRA as "expected behavior".

They did say that the cookie is set to expire after 30 days.  They also said I could actually log out and that would do it -- but it doesn't.

*sigh*

 

 

This may sound bad but it is meant sincerely and with heart. Thank you for being a guinea pig. I'm sorry it didn't work out as hoped. 

Link to comment
Share on other sites

On 9/21/2021 at 10:04 PM, Jaylinbridges said:

So the only way to use their MFA is thru a smartphone or mobile device?  No email option, no voice mail or text mail option to a home phone?   That means if my smartphone breaks, or I drop it, and I need to do a process transfer, or any operation using the secondlife.com account page I would be out of luck until I get a new phone?  Can SL transactions even be checked if you have MFA and your mobile device is lost or broken?   No thanks, until they don't rely on only batteries to get my money.  At least it is opt-in.

 

Attaching MFA to phones is SUCH a nuisance for many reasons, not the least of which your phone could be lost or stolen or you may get a new phone and then having to go back and fix up all those pages with MFA is a huge nuisance.

This is why I don't use it.

PS I see we're back in avatar foot shadow land again.  When is search going to get fixed?

  • Like 1
Link to comment
Share on other sites

34 minutes ago, Prokofy Neva said:

MFA is a huge nuisance.

That is the point though :)  If you want, you can download an application for Windows that will run the authenticator so it is always on your machine and you don't have to worry about ever losing it.  It offers an extra layer of protection, if you want it.  It is especially important if we participate on forums, as people can often pick up on our challenge questions just by topics posted.  Have you ever seen topics such as, where are you from?  What school did you go to?  Your favorite pet?  Etc, etc..  not usually worded in such an obvious way, but information we can willingly give out without thinking about.  We leave a trail on the Internet, no matter how safe we are being.  If someone were to get access to just one of your email accounts then they may have the ability to reset your other passwords.  

 

Not to mention, how many times email servers have been hacked in the past.  Same with other servers out there, it is also why it is important to have a different password for every service you use.  It is all a huge pita, especially when you have 16+ random characters that is different for every account.  It gets to be burdensome.  Not trying to scare you or others, but MFA is a bonus for us - especially for those of you who keep your credit card saved to Second Life, and have businesses here.  

Edited by Istelathis
  • Haha 1
Link to comment
Share on other sites

54 minutes ago, Jules Catlyn said:

Some people will consider anything Linden Lab does a bad thing and find fault with it. 

"Linden Lab issues a statement that bananas are yellow"

Some users:

"It is an outcry!! They dont know what they are saying!!! They are wrong!!" 

While this is pretty much the truth, this particular implementation by LL is very sub-par.   If someone does manage to get your password or hack into the account -- because the 2FA is not need to actually log in -- then they can buy L$ up to your max daily limit and transfer them on to other accounts.

Personally, I'd rather that option protected rather than folks being able to look at my L$ or US $ history - or even "seeing" what my billing info is (since that doesn't really show them anything worthwhile).  Who the heck cares if they can see that data, compared with being able to spend my RL money.

Don't get me wrong, I'm very glad they are at least working towards proper 2FA protection, but the current implementation really only protects being able to change the email or password on the account.  

Edited by LittleMe Jewell
Link to comment
Share on other sites

14 minutes ago, LittleMe Jewell said:

Don't get me wrong, I'm very glad they are at least working towards proper 2FA protection, but the current implementation really only protects being able to change the email or password on the account.  

On an MMO my man plays --- you have to lodge a ticket at their help desk to change email. This was done when there was a hacking spree that lasted for a bit. Found it was a former GM who was fired and got revenge.

Link to comment
Share on other sites

4 hours ago, Cinos Field said:

Great first step! Now include it for the client itself, the portal to our actual virtual lives!

 

That's incoming,  which I think some of the bigger mmo's use it,  I know when I played ff14 the original we had to have one to get into it.  still got that bugger some place around here.

Link to comment
Share on other sites

You are about to reply to a thread that has been inactive for 909 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share

×
×
  • Create New...