Could be also to have a two steps in logging?

[alba2685]

Hello, I started the topic in "answers", due to a feedback suggerence from an user maybe it's better to post on this section, so I think it can be better-placed now. Thank you Nalytha. :smileyhappy:

 

First at all, excuse me if this topic is repeated please, although i didn't watch it looking up here but i could have missed it, but i apologize for it in case someone else has asked it before.

 

As Google, Facebook or Hotmail have implemented ways to have strong logins, although the user has an important role here and it's always good to change the password regularly but, do you think we can have the same in order to have a safer, stronger and better SL?

 

Thank you and best Regards.

[Nalytha]

I'll paste what I put in the other thread first: 

"I love multistep authentication. Steam and Blizzard does it really well with the app. It would have to be an optional thing. For Steam, they basically say if you don't use it then they aren't responsible for anything bad happening to your account. As far as I know, LL doesn't actually do anything about stolen stuff? So I guess that's why they don't implement it? I'd personally love an option at least. "

Blizzard started two step authentication in 2008. It first started as a physical item that you bought and it produced a code to enter. Eventually they offered a smartphone app. Thinking about this fact now, I'm actually surprised Second Life didn't adopt this feature considering how much real money is invested here. 

I watched Steam transition to the app. They did a couple of things wrong. One thing was only offering it on Android and Apple. The Windows folks and people without smartphones were very upset. So, the lesson learned from that is that there needs to be options. Smartphone, email, etc or disabling entirely and dealing with the consequences. 

[alba2685]

Thank you Nalytha, and yes I got surprised too and this is because I thought to add a post. It's the user's responsability but he or she must have the choice, first. For example Google helps giving options and the user decides to use them. I think this can make a stronger and bigger SL (It's big already, but bigger :smileyhappy:)

[Alwin Alcott]

at first i'm not for two step but also not against...

major problem here for account theft is people being very uncarefull with their sign up info

nearly all violations are by phishing... people enter their paswords at non secure sites.

next big problem is some/lots accept everything from everybody, and don't look at the warning signs that pop up...agree and you account balance is gone

 

For these two things is only one solution : WATCH out... double verification will not and never help to prevent this

 

[Nalytha]

True. People can do stupid stuff. But if you have two step and someone clicks a link they shouldn't -- well that second party isn't going to be able to log into their account.

 

I'm sure Linden Labs gets a lot of tickets about claims of people being hacked/stolen/etc. Making something like that would decrease the amount of those tickets.

[Adcap6]

"Is people" seems to be the issue huh? always the person whom the account is compromised is the one at fault. Be damned the person who did the violation and its very obvious account 'hacking' 'phishing' etc. and so on isn't really a big deal, good job on your hacking skills! bravo!. In this case and especially Secondlife, crime DOES indeed pay.

Being a thief is WRONG period, so let us not cloud this little situation to where the victim turns into the 'idiot' and the criminal turns into the 'intelligent' one. Right now, anytime I see anyone turn the tables makes me a little suspicious that just maaaybe, YOU might be involved as well with all this cute account theft fiasco, so be careful with the choice of words. "the Guilty Dog Barks First" comes to mind here.

So, damn right Secondlife needs a Secondary Authentication process, this should have been in place since day one. There have been millions of dollars made via Secondlife over the years so yeah, the thieves want to steal it, duh. The entire SecondLife population is at fault for not standing up to this mess and saying enough is enough!! Stealing anyone's money isn't OK, shame on you for not being savvy with your idiocy.

Being lazy and or an inconvenience for you to take the time to put in that little extra effort to log-in, well until Alwin gets hacked anyway right? What you and your opinions are but yours only. Rest of us who do want a little more effort in the way of keeping our lindens and bank accounts safe...DO. Give it time, something may or may not happen to where accessing any account will take no password etc. if we don't start doing something about this NOW.

[Sassy Romano]

Two factor authentication absolutely would be of help in mitigation of these issues.

[Nalytha]

I think you make a great point. The criminals are never blamed in these situations; it's always the stupid person who fell for it. I hear that about real life crime too, especially when someone gets their car broken into. "If you left your doors open, you DESERVE to be stolen from!" Things like this boggle my mind. And I'm not making it up. I live in a very crime infested town. I read about crime everyday and so many locals say the same thing "That person was stupid for walking alone in that neighborhood at night." "That person is stupid for living in that neighborhood" Etc.

Okay, I'm ranting.

I've seen this conversation about two-step authentication sooo many times in different games. It's often met with a lot of resistance. But I think all parties can be happy. It just takes it being optional. I do agree with Steam though, that if you choose not to secure your account, you should acknowledge that you are choosing to not ask for their help when your account is compromised.

The apps are getting more and more sophisticated people. No longer are the days where you need to log into your phone every single time you log in and enter a code. Blizzard has it set up now where it only asks for your code if you are logging in from a new location. In addition, their's is really nice because you don't have to enter anything. A request pops up on your phone asking if you authorize this log in attempt and you just click yes or no. Done. 

[alba2685]

Hello, Alwin has said a very interesting thing, and this is to remember that the safety is a whole process instead of concrete measures as two authentication factors, although there to be more measures helps of course. We always need to watch that we do and it's good to educate people on this.

 

Very good points said here, thank you all. :smileyhappy: