thebridelucretia Posted February 23 Share Posted February 23 Can you type alt keys for a symbol when making a new password? Im afraid to try for making a new PW and it making something Idk what it is to log in - I use a 12+ letters and kb Shft keys currently but want to know if alt shortcuts will take - or what about using a foreign language kb character? Thank you very much if anyone can answer 1 Link to comment Share on other sites More sharing options...
Wulfie Reanimator Posted February 23 Share Posted February 23 No. 1 Link to comment Share on other sites More sharing options...
Kathrine Jansma Posted February 24 Share Posted February 24 The best thing you can add to secure things is adding the 2-Factor-Authentication to your account. That makes it less important to have a super strong password. 3 1 Link to comment Share on other sites More sharing options...
elleevelyn Posted February 24 Share Posted February 24 with passwords make them as a passphrase. A sentence, saying or lyric from a fav book, poem, or song that you can easily recall as it means something to you other than just being a password. If you worried about somebody working you out then use a saying or words meaningfully imparted to you by a person, parent, teacher, mentor who means something to you basically the longer a password is, the more secure it is from attack this said, also do as Kathrine said. Use 2FA as well whereever it is obtainable 1 Link to comment Share on other sites More sharing options...
Nalates Urriah Posted February 24 Share Posted February 24 (edited) Password phrases are great in several ways. Being easy to remember is an excellent reason for using them. I can't find a maximum length for a password in SL. With the coming of an SL Mobile app long passwords are likely to be a bit of a problem, if you go that direction. While 2FA is a great addition to security it adds a lot of moving parts. If we manage to start a new world war or even just piss off one of the big world players, that 2FA complication is likely to be a BIG problem. If you were an AT&T customer and using 2FA for SL then you would likely have been locked out of SL during AT&T's outage (ref). There are lots of theories as to what actually happened with AT&T. Many of us are highly skeptical of anything big corporations and governments claim, especially in an election year. Think: Leaving the World Behind. With all the accounts I have and all the accounts I manage on clients behalf the 'remember' and/or 'write it down' plans weren't working. I use a commercial password manager that syncs across all my devices. It is so nice and quick. By default it creates 16 character randomized passwords using upper (26) and lower case (26) letters, numbers (10), and punctuation & Symbols (30)... with gives us... 26+26+10+30=92 for 9216 or 26,339,361,174,458,854,765,907,679,379,456 or 26.3 nonillion possible passwords. if a supercomputer could check a billion (1,000,000,000) passwords per second, it would take about 8.2 x 1022 years to check 26 nonillion permutations. The estimated time for a quantum-computer to crack such a password is something like 5.1 quadrillion years… or about 364,000 times the age of the universe. A big improvement, but no prize. With the rapidly upcoming AI and all the data Google collects, it will likely be able to predict (guess) any password you make up. HOWEVER… a good scam or phishing attack can also come up with your password in less than an hour. So... while long passwords, and even randomized passwords are strong... real security is a matter of how smart you are and your level of gullibility. 🤔 Edited February 24 by Nalates Urriah dumb spelling mistake Link to comment Share on other sites More sharing options...
Rowan Amore Posted February 24 Share Posted February 24 4 hours ago, Nalates Urriah said: I can't find a maximum length for a password in SL. The maximum length is 16. 2 2 Link to comment Share on other sites More sharing options...
Gabriele Graves Posted February 25 Share Posted February 25 (edited) 9 hours ago, Nalates Urriah said: While 2FA is a great addition to security it adds a lot of moving parts. If we manage to start a new world war or even just piss off one of the big world players, that 2FA complication is likely to be a BIG problem. If you were an AT&T customer and using 2FA for SL then you would likely have been locked out of SL during AT&T's outage (ref). There are lots of theories as to what actually happened with AT&T. Many of us are highly skeptical of anything big corporations and governments claim, especially in an election year. Think: Leaving the World Behind. This is only true of 2FA systems that use SMS texts to send the codes. Second Life is not one of those systems. It uses a more secure time-based code system called TOTP (Ref: https://www.hypr.com/security-encyclopedia/time-based-time-password-totp-otp) which is more resistant to man-in-the-middle attacks than SMS codes and doesn't require any network to work. So it would still work during an AT&T outage. Edited February 25 by Gabriele Graves 1 Link to comment Share on other sites More sharing options...
Qie Niangao Posted February 25 Share Posted February 25 (Just in passing: the SMS network is likely to survive EMP more intact than most communications because it's based on a messaging system from the 1970s. In contrast, anything that relies on GPS will be toast. That's not to say anybody should use SMS for authentication—or much of anything else, for that matter.) Link to comment Share on other sites More sharing options...
Kathrine Jansma Posted February 25 Share Posted February 25 49 minutes ago, Qie Niangao said: the SMS network is likely to survive EMP more intact than most communications That might be true, but the mobile phone base stations would be down pretty soon anyway, so it wouldn't help. TOTP as 2FA has a few upsides and downsides. The upside is that is easy to implement on anything programmable with a working clock. Like people implemented it on Commodore C64... (Old Vintage Computing Research: Meet your new two-factor authenticator: your Commodore 64 (oldvcr.blogspot.com) , Smartwatches, Yubikeys, desktop apps (e.g. Keepass XC) and a ton of other non smartphone class devices. So it is one of the 2FA systems that should work in most circumstances. In a pinch you can print out the secret, store it in a safe location and clone a new authenticator from it later when your device dies. It obviously does have a weakness, as it can be cloned so easily, but for the threat model of SL it should not really matter. You don't need to defend against Evil Maid attacks..., well, not for your 2FA at least, inworld there might be Evil Maids trying to do nasty things, but thats a different matter. 1 Link to comment Share on other sites More sharing options...
Gabriele Graves Posted February 25 Share Posted February 25 After an EMP, I think we'd have bigger problems with our own equipment no longer functioning and/or those remote services no longer functioning. 3 Link to comment Share on other sites More sharing options...
Recommended Posts
Please take a moment to consider if this thread is worth bumping.
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now