Arielle Popstar Posted September 19, 2023 Share Posted September 19, 2023 Here we go with Enforcing Viewer Login MFA 4 Link to comment Share on other sites More sharing options...
Lyric Demina Posted September 19, 2023 Share Posted September 19, 2023 " If a viewer is not MFA Capable yet, then those accounts will no longer be able to log into Second Life using that viewer. " It sounds like this is a compliance requirement for 3rd party viewers, rather than a requirement for the user to activate MFA. Is that still "oh crap"? 5 4 Link to comment Share on other sites More sharing options...
sirhc DeSantis Posted September 19, 2023 Share Posted September 19, 2023 Notes OP. Checks source. Wanders away again. 2 Link to comment Share on other sites More sharing options...
Ayashe Ninetails Posted September 19, 2023 Share Posted September 19, 2023 "We rolled out a login change today that requires MFA Capable viewers for accounts that have MFA enabled in their preferences." I haven't touched my preferences or turned on MFA. Logged in now just fine. Which reminds me...I should probably get around to updating Firestorm one of these days. I keep forgetting. 4 2 Link to comment Share on other sites More sharing options...
Love Zhaoying Posted September 19, 2023 Share Posted September 19, 2023 I wonder how this affects Lumiya users? 2 1 Link to comment Share on other sites More sharing options...
Arielle Popstar Posted September 19, 2023 Author Share Posted September 19, 2023 6 minutes ago, Lyric Demina said: " If a viewer is not MFA Capable yet, then those accounts will no longer be able to log into Second Life using that viewer. " It sounds like this is a compliance requirement for 3rd party viewers, rather than a requirement for the user to activate MFA. Is that still "oh crap"? It will be if it breaks my Lumiya viewer since it would not be supporting the MFA. 2 Link to comment Share on other sites More sharing options...
Lyric Demina Posted September 19, 2023 Share Posted September 19, 2023 3 minutes ago, Love Zhaoying said: I wonder how this affects Lumiya users? Probably as you'd expect, yeah. 1 1 Link to comment Share on other sites More sharing options...
Paul Hexem Posted September 19, 2023 Share Posted September 19, 2023 This should only affect people that both have it enabled and use older viewers, yeah. 4 2 Link to comment Share on other sites More sharing options...
Love Zhaoying Posted September 19, 2023 Share Posted September 19, 2023 2 minutes ago, Paul Hexem said: This should only affect people that both have it enabled and use older viewers, yeah. That would be a mean thing, if someone were to hack into accounts just to enable MFA. 1 3 Link to comment Share on other sites More sharing options...
Solar Legion Posted September 19, 2023 Share Posted September 19, 2023 (edited) How does it affect users of a Viewer that has not had any updates in some time, that has been pulled from the official App store and only exists now on the devices of those who managed to grab it before hand or in the form of utterly untrustworthy APK aggregator sites? Does it really matter? If you don't have MFA enabled it doesn't affect you or the Viewer you use. If you do have MFA enabled then it is beyond time that you abandon such an old Viewer. If you have Alternate Accounts that do not have MFA enabled while your main does then the only account this will affect is the main. Tempest in a teapot at best. Edited September 19, 2023 by Solar Legion Formatting/Spelling Correction 8 5 Link to comment Share on other sites More sharing options...
Love Zhaoying Posted September 19, 2023 Share Posted September 19, 2023 Idea: LL should turn on MFA for all Bot / Registered Scripted Agent accounts. You're welcome. 1 1 1 Link to comment Share on other sites More sharing options...
shireena1 Posted September 19, 2023 Share Posted September 19, 2023 Link to comment Share on other sites More sharing options...
shireena1 Posted September 19, 2023 Share Posted September 19, 2023 (edited) Does SL still want us to find our own mfa? if so i find that is a bit sad. even steam uses their own 2fa. Edited September 19, 2023 by shireena1 typo Link to comment Share on other sites More sharing options...
Solar Legion Posted September 19, 2023 Share Posted September 19, 2023 I'd rather use my own MFA than be forced to have to download/utilize yet another proprietary MFA application which is used only for a single application. 9 Link to comment Share on other sites More sharing options...
Arielle Popstar Posted September 19, 2023 Author Share Posted September 19, 2023 14 minutes ago, Solar Legion said: How does it affect users of a Viewer that has not had any updates in some time, that has been pulled from the official App store and only exists now on the devices of those who managed to grab it before hand or in the form of utterly untrustworthy APK aggregator sites? Well when the Lab rolls out its mobile viewer you might have a point but for now, it is still the only reasonable one available. The Lab knew this for 6 years already so they had ample time to rectify the situation. As far as the aggregator sites are concerned, I haven't heard of any complaints about them from within the group. Quote If you don't have MFA enabled it doesn't affect you or the Viewer you use. If you do have MFA enabled then it is beyond time that you abandon such an old Viewer. If you have Alternate Accounts that do not have MFA enabled while your main does then the only account this will affect is the main. So are you saying those who had MFA enabled were not getting the protection it is supposed to afford because anyone could use a non MFA viewer and still login without issue? Hasn't that just been giving residents a false sense of security in thinking that enabling it prior to today gave them some sort of protection when it didn't? Link to comment Share on other sites More sharing options...
AmeliaJ08 Posted September 19, 2023 Share Posted September 19, 2023 S 33 minutes ago, Arielle Popstar said: It will be if it breaks my Lumiya viewer since it would not be supporting the MFA. But you just have to not enable MFA... 2 Link to comment Share on other sites More sharing options...
AmeliaJ08 Posted September 19, 2023 Share Posted September 19, 2023 (edited) 5 minutes ago, Arielle Popstar said: So are you saying those who had MFA enabled were not getting the protection it is supposed to afford because anyone could use a non MFA viewer and still login without issue? Hasn't that just been giving residents a false sense of security in thinking that enabling it prior to today gave them some sort of protection when it didn't? It does strike me as odd that LL were allowing this for accounts where people had enabled MFA but it sounds like it, yes. What I really wonder is why those people thought they were getting some level of protection despite very obviously not using the thing they had enabled due to lack of viewer support? Edited September 19, 2023 by AmeliaJ08 3 Link to comment Share on other sites More sharing options...
Qie Niangao Posted September 19, 2023 Share Posted September 19, 2023 4 minutes ago, Arielle Popstar said: So are you saying those who had MFA enabled were not getting the protection it is supposed to afford because anyone could use a non MFA viewer and still login without issue? Hasn't that just been giving residents a false sense of security in thinking that enabling it prior to today gave them some sort of protection when it didn't? They weren't denied protection because anyone could use a non-MFA viewer, but that they themselves could do so—or more to the point, somebody hacking into their account could do so, perhaps using an antiquated viewer the rightful account owner had never even heard of. That is, they were not getting the benefit of the MFA they thought they had enabled. 4 Link to comment Share on other sites More sharing options...
Arielle Popstar Posted September 19, 2023 Author Share Posted September 19, 2023 Just now, AmeliaJ08 said: It does strike me as odd that LL were allowing this for accounts where people had enabled MFA but it sounds like it, yes. What I really wonder is why those people thought they were getting some level of protection despite very obviously not using the thing they had enabled due to lack of viewer support? Yes that is why I misunderstood the original Featured News article. Link to comment Share on other sites More sharing options...
Solar Legion Posted September 19, 2023 Share Posted September 19, 2023 Don't care about the Lab's own mobile Viewer project and frankly I hope it fails That's nice that you nor your friends have had issues with APK aggregators - your personal experiences with them are rather irrelevant: No official source, no official work from the Dev means that any such download is automatically suspect. That is the simple truth and reality It has been known for some time now that there was a loophole in the usage of older Viewers where MFA enabled accounts were concerned - if you were unaware of it then that is on you As of this announcement the potential door is closed - a door that only existed because Linden Lab listened to and took pity upon users of older Viewers that have had no active development for some time now You should be congratulating them for finally closing this loophole/security flaw as now it means that anyone who has Phished your account information or somehow managed to guess it will no longer be able to utilize an older Viewer to circumvent the extra level of security if you have it enabled. They did not have to give a grace period. They did so anyway, even after the majority of actively developed TPVs adopted the MFA prompt. Once more it is beyond time to move on. 3 Link to comment Share on other sites More sharing options...
Caleb Kit Posted September 19, 2023 Share Posted September 19, 2023 Well, I just filed a ticket with the labs. Starting up MFA fails because Google Authenticator (on a few month old) Samsung phone does not give out 'tokens'. So you can't complete the MFA sign up. I think maybe someone sent out that press release early cuz they aren't ready yet. Or me and my money will be going bye bye after almost 17 years. And I use Google Authenticator numerous times each day. I have used MFA all over for work and private business for over 10 years I believe. I have been looking forward to Second Life finally implementing this security feature. 1 1 Link to comment Share on other sites More sharing options...
Qie Niangao Posted September 19, 2023 Share Posted September 19, 2023 18 minutes ago, Caleb Kit said: Well, I just filed a ticket with the labs. Starting up MFA fails because Google Authenticator (on a few month old) Samsung phone does not give out 'tokens'. So you can't complete the MFA sign up. I think maybe someone sent out that press release early cuz they aren't ready yet. Or me and my money will be going bye bye after almost 17 years. And I use Google Authenticator numerous times each day. I have used MFA all over for work and private business for over 10 years I believe. I have been looking forward to Second Life finally implementing this security feature. Thing is, the Lab implemented it ages ago. I've used it for three SL accounts for many months, including today. Setting up a new account for Google Authenticator was painless each time I did it (with QR code, as I recall), and obviously you too have done it for non-SL accounts, so… I wonder if there's something broken today? 2 Link to comment Share on other sites More sharing options...
Alwin Alcott Posted September 19, 2023 Share Posted September 19, 2023 1 hour ago, Arielle Popstar said: So are you saying those who had MFA enabled were not getting the protection it is supposed to afford because anyone could use a non MFA viewer and still login without issue? Hasn't that just been giving residents a false sense of security in thinking that enabling it prior to today gave them some sort of protection when it didn't? It gives the ones who use it protection. Who doesn;t not. ... who rides with tires sits comfy, without it's a bumpy ride .. unless the road is even. Link to comment Share on other sites More sharing options...
Jackson Redstar Posted September 19, 2023 Share Posted September 19, 2023 MFA? I'm picturing Samuel Jackson for some reason...... 2 Link to comment Share on other sites More sharing options...
Love Zhaoying Posted September 19, 2023 Share Posted September 19, 2023 43 minutes ago, Jackson Redstar said: MFA? I'm picturing Samuel Jackson for some reason...... Does he work at the Museum of Fine Arts in one of his movies? Link to comment Share on other sites More sharing options...
Recommended Posts
Please take a moment to consider if this thread is worth bumping.
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now