Require MFA of all users
Emma Portilo
Making MFA required for all users, instead of allowing them to opt in to use, would be safer for all of us. It is great that those of us that want to protect our accounts can do so by choosing MFA. But if it were required of everyone it might help reduce stolen accounts and the unfortunate messages sent in groups with phishing links.
Log In
Aunty Lockjaw
not for me! Facial rec as well as fingerprints consistently fail for me. If we could get a portable key to use on any medium we are logging into that might work, current types of keys only work if you're on the same computer every time, unless I'm misunderstanding
Tonya Souther
Not only no but hell no. Especially hell no to using SMS as an MFA vector: it's inherently insecure and far too easy to hijack.
If the viewer could plug into password managers, then I might consider it, but otherwise? Screw that.
SarahKB7 Koskinen
I am against MFA, as it can cause a double MFA authentication loop.
Sometimes, an MFA authentication needs to be authenticated from a second second MFA.
And when authenticating that second MFA, it asks you authenticate from the first MFA. And you can't, because both MFAs are trying to authenticate themselves at the same time.
Basically, you get stuck in a perpetual MFA loop that has no solution or ending.
So, no thanks.
Lita Jannings
They need to make it so when using the Mobile Viewer, you can have it not ask for the code for 30 days like is done on Computers. every time I use the mobile viewer, I have to get the code to log in.
DarkNess Bloodstone
Lita Jannings same. It's super annoying.
Spiffy Voxel
Lita Jannings Very fair point, and frankly bizarre on the Lab not to make it the same as on desktop.
Naughty Puppy
I'm all for mfa (and use it for second life), but the second life ux for it is intensely crusty and implemented neither uniformly nor in places that are actually security critical, like changing contact details and passwords. This would probably be detrimental to user retention as-is.
Splatting in six digits from a secrets manager is half my life and not a burden to most, I imagine - but the experience and application would need a lot of improvement before mandatory makes sense.
Tamiya Starling
MFA creates more headaches than one should have to endure. I've nothing against it being optional for those who feel they need the "protection" it provides, but I myself avoid it at all costs. I'm in total agreement with the large number of comments that suggests Multi-Factor Authentication should be the user's choice. I vote NO to mandatorily requiring it and shoving it down all user's throats.
JenniWindrider Resident
LLs current MFA is beyond broken. As it stands it's barely useable. No recovery codes and no sliding window +/- 1 MFA code.
And it has been that way since day 1, with no fix whatsoever.
Spiffy Voxel
JenniWindrider Resident I get your complaint about lack of recovery codes, which I agree is a bizarre oversight on the Lab's part. But I'm not clear on what you mean by 'sliding window'. Whenever I need to enter an MFA code, I always wait until just after a new code is generated, so I have plenty of time to copy that over before it expires.
Zanya Resident
I don't support forcing people to use this.
SL residents need the education to opt-in, otherwise you are going to have people that don't understand the tech getting locked out of their accounts.
How about SL gives group-owners the ability to turn off links in group chat instead?
Alisyn Baxton
Not until SL implements one-time recovery codes for MFA. See comments on https://feedback.secondlife.com/feature-requests/p/more-and-better-security-systems-for-our-accounts for details.
Zanya Resident
Alisyn Baxton This, honestly.
Spiffy Voxel
Alisyn Baxton Already upvoted, and yes the Lab needs to make their MFA implementation more robust.
misstoriblack Resident
It's the user responsibility to enable it. Never impose anything to users. You EDUCATE your users. You do not impose !
misstoriblack Resident
Also we need a way to downvote ideas here ... I would downvote so hard.
AlettaMondragon Resident
misstoriblack Resident I know, the lack of a proper upvote/downvote system is the biggest flaw of this platform.
Load More
→