Jump to content

Oh crap, MFA now required!

Arielle Popstar

By Arielle Popstar,
in General Discussion Forum

 Share
You are about to reply to a thread that has been inactive for 218 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

  • Replies 134
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Solar Legion
Solar Legion

How does it affect users of a Viewer that has not had any updates in some time, that has been pulled from the official App store and only exists now on the devices of those who managed to grab it befo

Lyric Demina
Lyric Demina

" If a viewer is not MFA Capable yet, then those accounts will no longer be able to log into Second Life using that viewer. "  It sounds like this is a compliance requirement for 3rd party viewers, ra

Solar Legion
Solar Legion

I'd rather use my own MFA than be forced to have to download/utilize yet another proprietary MFA application which is used only for a single application.

Posted Images

Ayashe Ninetails

Ayashe Ninetails

Posted
Posted

"We rolled out a login change today that requires MFA Capable viewers for accounts that have MFA enabled in their preferences."

I haven't touched my preferences or turned on MFA. Logged in now just fine. Which reminds me...I should probably get around to updating Firestorm one of these days. I keep forgetting.

  • Like 4
  • Thanks 2
Link to comment
Share on other sites
Arielle Popstar

Arielle Popstar

Posted
  • Author
Posted
6 minutes ago, Lyric Demina said:

" If a viewer is not MFA Capable yet, then those accounts will no longer be able to log into Second Life using that viewer. "  It sounds like this is a compliance requirement for 3rd party viewers, rather than a requirement for the user to activate MFA. 

Is that still "oh crap"?

It will be if it breaks my Lumiya viewer since it would not be supporting the MFA.

  • Haha 2
Link to comment
Share on other sites
Solar Legion

Solar Legion

Posted
Posted (edited)

How does it affect users of a Viewer that has not had any updates in some time, that has been pulled from the official App store and only exists now on the devices of those who managed to grab it before hand or in the form of utterly untrustworthy APK aggregator sites?

Does it really matter?

If you don't have MFA enabled it doesn't affect you or the Viewer you use. If you do have MFA enabled then it is beyond time that you abandon such an old Viewer. If you have Alternate Accounts that do not have MFA enabled while your main does then the only account this will affect is the main.

Tempest in a teapot at best.

Edited by Solar Legion
Formatting/Spelling Correction
  • Like 8
  • Thanks 5
Link to comment
Share on other sites
Arielle Popstar

Arielle Popstar

Posted
  • Author
Posted
14 minutes ago, Solar Legion said:

How does it affect users of a Viewer that has not had any updates in some time, that has been pulled from the official App store and only exists now on the devices of those who managed to grab it before hand or in the form of utterly untrustworthy APK aggregator sites?

Well when the Lab rolls out its mobile viewer you might have a point but for now, it is still the only reasonable one available. The Lab knew this for 6 years already so they had ample time to rectify the situation. As far as the aggregator sites are concerned, I haven't heard of any complaints about them from within the group.

Quote

If you don't have MFA enabled it doesn't affect you or the Viewer you use. If you do have MFA enabled then it is beyond time that you abandon such an old Viewer. If you have Alternate Accounts that do not have MFA enabled while your main does then the only account this will affect is the main.

So are you saying those who had MFA enabled were not getting the protection it is supposed to afford because anyone could use a non MFA viewer and still login without issue? Hasn't that just been giving residents a false sense of security in thinking that enabling it prior to today gave them some sort of protection when it didn't?

Link to comment
Share on other sites
AmeliaJ08

AmeliaJ08

Posted
Posted (edited)
5 minutes ago, Arielle Popstar said:

So are you saying those who had MFA enabled were not getting the protection it is supposed to afford because anyone could use a non MFA viewer and still login without issue? Hasn't that just been giving residents a false sense of security in thinking that enabling it prior to today gave them some sort of protection when it didn't?

It does strike me as odd that LL were allowing this for accounts where people had enabled MFA but it sounds like it, yes.

What I really wonder is why those people thought they were getting some level of protection despite very obviously not using the thing they had enabled due to lack of viewer support?

Edited by AmeliaJ08
  • Like 3
Link to comment
Share on other sites
Qie Niangao

Qie Niangao

Posted
Posted
4 minutes ago, Arielle Popstar said:

So are you saying those who had MFA enabled were not getting the protection it is supposed to afford because anyone could use a non MFA viewer and still login without issue? Hasn't that just been giving residents a false sense of security in thinking that enabling it prior to today gave them some sort of protection when it didn't?

They weren't denied protection because anyone could use a non-MFA viewer, but that they themselves could do so—or more to the point, somebody hacking into their account could do so, perhaps using an antiquated viewer the rightful account owner had never even heard of. That is, they were not getting the benefit of the MFA they thought they had enabled.

  • Like 4
Link to comment
Share on other sites
Arielle Popstar

Arielle Popstar

Posted
  • Author
Posted
Just now, AmeliaJ08 said:

It does strike me as odd that LL were allowing this for accounts where people had enabled MFA but it sounds like it, yes.

What I really wonder is why those people thought they were getting some level of protection despite very obviously not using the thing they had enabled due to lack of viewer support?

Yes that is why I misunderstood the original Featured News article. 

Link to comment
Share on other sites
Solar Legion

Solar Legion

Posted
Posted
  1. Don't care about the Lab's own mobile Viewer project and frankly I hope it fails
  2. That's nice that you nor your friends have had issues with APK aggregators - your personal experiences with them are rather irrelevant: No official source, no official work from the Dev means that any such download is automatically suspect. That is the simple truth and reality
  3. It has been known for some time now that there was a loophole in the usage of older Viewers where MFA enabled accounts were concerned - if you were unaware of it then that is on you
    1. As of this announcement the potential door is closed - a door that only existed because Linden Lab listened to and took pity upon users of older Viewers that have had no active development for some time now

You should be congratulating them for finally closing this loophole/security flaw as now it means that anyone who has Phished your account information or somehow managed to guess it will no longer be able to utilize an older Viewer to circumvent the extra level of security if you have it enabled.

They did not have to give a grace period. They did so anyway, even after the majority of actively developed TPVs adopted the MFA prompt.

Once more it is beyond time to move on.

  • Like 3
Link to comment
Share on other sites
Caleb Kit

Caleb Kit

Posted
Posted

Well, I just filed a ticket with the labs.  Starting up MFA fails because Google Authenticator (on a few month old) Samsung phone does not give out 'tokens'. So you can't complete the MFA sign up. I think maybe someone sent out that press release early cuz they aren't ready yet.  Or me and my money will be going bye bye after almost 17 years.  And I use Google Authenticator numerous times each day.  I have used MFA all over for work and private business for over 10 years I believe.  I have been looking forward to Second Life finally implementing this security feature. 

  • Like 1
  • Thanks 1
Link to comment
Share on other sites
Qie Niangao

Qie Niangao

Posted
Posted
18 minutes ago, Caleb Kit said:

Well, I just filed a ticket with the labs.  Starting up MFA fails because Google Authenticator (on a few month old) Samsung phone does not give out 'tokens'. So you can't complete the MFA sign up. I think maybe someone sent out that press release early cuz they aren't ready yet.  Or me and my money will be going bye bye after almost 17 years.  And I use Google Authenticator numerous times each day.  I have used MFA all over for work and private business for over 10 years I believe.  I have been looking forward to Second Life finally implementing this security feature. 

Thing is, the Lab implemented it ages ago. I've used it for three SL accounts for many months, including today. Setting up a new account for Google Authenticator was painless each time I did it (with QR code, as I recall), and obviously you too have done it for non-SL accounts, so… I wonder if there's something broken today?

  • Like 2
Link to comment
Share on other sites
Alwin Alcott

Alwin Alcott

Posted
Posted
1 hour ago, Arielle Popstar said:

So are you saying those who had MFA enabled were not getting the protection it is supposed to afford because anyone could use a non MFA viewer and still login without issue? Hasn't that just been giving residents a false sense of security in thinking that enabling it prior to today gave them some sort of protection when it didn't?

It gives the ones who use it protection. Who doesn;t not. ...
who rides with tires sits comfy, without it's a bumpy ride .. unless the road is even.

Link to comment
Share on other sites
You are about to reply to a thread that has been inactive for 218 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...