Security conciousness (may offend some)

Is it helpful as of right now when Alex cannot change their security answer? If you were saying something like, "In the future just do what I do and then input your advice", that would come across as more helpful.

What you are describing is a password, not a security question. What is the point of a security question that has meaningless gibberish as an answer?

I share your sentiments especially when it comes to security questions with emails. I never forget my password so I never really have use for a predefined "Where were you born" kind of security question.

In situations like this where there is a password change, USUALLY, all they ask for is your email to email a link so that you can reset a password.

Is it helpful as of right now when Alex cannot change their security answer? If you were saying something like, "In the future just do what I do and then input your advice", that would come across as more helpful.

I am concerned that Linden Labs is going to get hit hard by an exodus of users after this issue with having to invalidate everyone's password. I feel for the few people this is genuinely inconveniencing. I have empathy for the very few people who legitimately lost control over the email account they used to register, or committed a typo on the security question.

However.

(And this is going to sound "snide", "high-handed", "elitist", "snotty" - Just, whatever, direct your flames to /dev/null) -

Linden Labs did /everything/ right in this incident.

Your password is the key to your account. It should be more than eight characters long, shouldn't be obvious, should have non-alphanumeric characters, should resemble modem line noise even - 22Tre#*;zlWG is a good example. (Don't use that, BTW).

To give you a way to RESET that password, they've provided a backdoor.

Your password should be changing for every system you use every six months anyway.

Beyond that, there is no such thing as perfect security. It's never a question of IF the system is going to be broken into, it's a question of WHEN, and WHAT can be done to minimise the security fallout

Why? Why must I - in the death hours of the forums - listen to people whine about how they blame Linden Labs for TREATING THEM LIKE ADULTS? Why must I listen to people whine about how they FAILED TO ACT RESPONSIBLY but BLAME LINDEN LABS?

You're ALL ADULTS. MOST of you grew up in an era where having a computer access password and maintaining it is a FACT of LIFE. Those of you who DIDN'T have even LESS reason, because you've been alive long enough to KNOW BETTER and have been exposed to this FACT of LIFE for LONGER.

Are you "mad" at "Linden Labs" for having to enact a standard security procedure to protect your use of the service (and your bank account) - ? Mad because you used a throwaway email address, can't remember it, put in stupid and false answers to the security questions?

Hey, here's an idea - the situation you are in is your own fault. Linden Labs did what they had to do, what they would be expected to do by MATURE people.

Remember that when you get on the phones on Monday to get your password reset - that it's NOT LINDEN LABS' FAULT - THEY ARE HELPING YOU. Do NOT take out your guilt and self-hatred on the person on the other end of the line. Thank them for going OUT of their WAY to HELP your disorganised, irresponsible, and lackadaisacal BUTT out of your own predicament.

Flames to /dev/null. Praise to /dev/null too. But be sure to direct people here if they are whining.

I share your sentiments especially when it comes to security questions with emails. I never forget my password so I never really have use for a predefined "Where were you born" kind of security question.

In situations like this where there is a password change, USUALLY, all they ask for is your email to email a link so that you can reset a password.

Linden Labs did /everything/ right in this incident.

(etc.)

It absolutely is a password. *shrug*

I am concerned that Linden Labs is going to get hit hard by an exodus of users after this issue with having to invalidate everyone's password. I feel for the few people this is genuinely inconveniencing. I have empathy for the very few people who legitimately lost control over the email account they used to register, or committed a typo on the security question.

However.

(And this is going to sound "snide", "high-handed", "elitist", "snotty" - Just, whatever, direct your flames to /dev/null) -

Linden Labs did /everything/ right in this incident.

Your password is the key to your account. It should be more than eight characters long, shouldn't be obvious, should have non-alphanumeric characters, should resemble modem line noise even - 22Tre#*;zlWG is a good example. (Don't use that, BTW).

To give you a way to RESET that password, they've provided a backdoor.

Your password should be changing for every system you use every six months anyway.

Beyond that, there is no such thing as perfect security. It's never a question of IF the system is going to be broken into, it's a question of WHEN, and WHAT can be done to minimise the security fallout

Why? Why must I - in the death hours of the forums - listen to people whine about how they blame Linden Labs for TREATING THEM LIKE ADULTS? Why must I listen to people whine about how they FAILED TO ACT RESPONSIBLY but BLAME LINDEN LABS?

You're ALL ADULTS. MOST of you grew up in an era where having a computer access password and maintaining it is a FACT of LIFE. Those of you who DIDN'T have even LESS reason, because you've been alive long enough to KNOW BETTER and have been exposed to this FACT of LIFE for LONGER.

Are you "mad" at "Linden Labs" for having to enact a standard security procedure to protect your use of the service (and your bank account) - ? Mad because you used a throwaway email address, can't remember it, put in stupid and false answers to the security questions?

Hey, here's an idea - the situation you are in is your own fault. Linden Labs did what they had to do, what they would be expected to do by MATURE people.

Remember that when you get on the phones on Monday to get your password reset - that it's NOT LINDEN LABS' FAULT - THEY ARE HELPING YOU. Do NOT take out your guilt and self-hatred on the person on the other end of the line. Thank them for going OUT of their WAY to HELP your disorganised, irresponsible, and lackadaisacal BUTT out of your own predicament.

Flames to /dev/null. Praise to /dev/null too. But be sure to direct people here if they are whining.

What you do with security questions is either pick one that would be very hard indeed to find the answer to - or, preferably, just treat it as another password. What city were you born in? Hysahj!116jp, I had a happy childhood there.

We already have a password.

That is what most of us remember, memorize, even change on occasion for security.

So, you are saying the "security question" is a second password, not a question you are supposed to remember the answer to if you... forget your password.

I don't think the majority of people view their "security question" as another garbled alphanumeric code to memorize. We already have that, it's called our password. This is what you are supposed to use if you lose or forget that, something easy to remember because it is a question, unlike a real password. For that very reason people don't like it because it is something others can figure out if they know you. Especially if they, oh, already have access to your real name and address, as this hacker did.

Ordinal! You're from Hysahj!116jp too?! Paisan! What street did you grow up on? (We were near the corner of WxZlwi$blpt and #*yUikcpt.)

I'm sorry folks, but the reality of the situation is this: if you entered gibberish characters as the answer to your security question (which is actually a good idea) and failed to record those characters somewhere for future reference, then your complaints are best directed to the nearest mirror.

Ordinal! You're from Hysahj!116jp too?! Paisan! What street did you grow up on? (We were near the corner of WxZlwi$blpt and #*yUikcpt.)

I'm sorry folks, but the reality of the situation is this: if you entered gibberish characters as the answer to your security question (which is actually a good idea) and failed to record those characters somewhere for future reference, then your complaints are best directed to the nearest mirror.

Finning, the problem with that rant is that you defended passwords when nobody is complaining about passwords. All of this boils down to the security questions, not the passwords, and unlike passwords, which make a lot of sense and which we tend to remember because we use them all of the time, security questions are dangerous, foolish, horrible, bordering on the worst idea of all time ... oh yes, let me put in my mother's maiden name because surely nobody can find that information with ease.

How silly. So you're forced to either plug in some easily researched information, in the process screwing yourself out of the security provided by your carefully chosen and actually difficult (unlike the security question) to figure out password, or you put gibberish in the security question field so that some jerk won't be able to easily compromise your account. After all, you tell yourself, I have my password. You know, that carefully chosen, difficult-to-guess password that you just spent so much time defending, Finning.

Only your password is suddenly invalidated, and now you need your security question. You know, the easily researched, horribly vulnerable security question that you either went ahead and put in, thereby making of yourself an easier target ... or else filled with nonsense so that your password could actually do you some good?

We already have a password.

That is what most of us remember, memorize, even change on occasion for security.

So, you are saying the "security question" is a second password, not a question you are supposed to remember the answer to if you... forget your password.

I don't think the majority of people view their "security question" as another garbled alphanumeric code to memorize. We already have that, it's called our password. This is what you are supposed to use if you lose or forget that, something easy to remember because it is a question, unlike a real password. For that very reason people don't like it because it is something others can figure out if they know you. Especially if they, oh, already have access to your real name and address, as this hacker did.

Finning,
I am sorrt for that. Its just that the forums are closing and I have never flamed anyone. You are the only person I have really flamed. It is all in fun since this place will be shit down soon.

Brilliant. What a nicely selfish attitude.

Since it's hopeless to expect that you'd actually care about the misfortune of others, perhaps I could appeal to a little enlightened self-interest? Or were you aware that SL needs more than just you in it to keep running well?

Finning, the problem with that rant is that you defended passwords when nobody is complaining about passwords. All of this boils down to the security questions, not the passwords, and unlike passwords, which make a lot of sense and which we tend to remember because we use them all of the time, security questions are dangerous, foolish, horrible, bordering on the worst idea of all time ... oh yes, let me put in my mother's maiden name because surely nobody can find that information with ease.

How silly. So you're forced to either plug in some easily researched information, in the process screwing yourself out of the security provided by your carefully chosen and actually difficult (unlike the security question) to figure out password, or you put gibberish in the security question field so that some jerk won't be able to easily compromise your account. After all, you tell yourself, I have my password. You know, that carefully chosen, difficult-to-guess password that you just spent so much time defending, Finning.

Only your password is suddenly invalidated, and now you need your security question. You know, the easily researched, horribly vulnerable security question that you either went ahead and put in, thereby making of yourself an easier target ... or else filled with nonsense so that your password could actually do you some good?

I don't get it either, Alex, except that there are a group of people here who always fall over themselves to blame LL's problems on their customers, can't do it fast enough, happens every time. Methinks they don't have much experience with real world business if they think that is going to fly. Like we should thank LL for the privilege of taking our money and not bother them with any complaints.

I despise sychophants. Especially those who do it with a company, for chrissakes, you are a customer, and many of you are paying customers. Their db was hacked by some little shit who may have your personal info and god knows what else, they won't tell us. Further, their solution is locking out people for days without access to customer service for help. Why? Because it's the weekend, baby!

But it's all our fault.

I'm leaving now, before I say any more, heh.

Right on! Because it was magic pixie dust and angels that broke through their tightened security after similar incidents! Totally not LL's fault since they were going against PIXIES and ANGELS who wanted this accessible information via SQL injection exploits and we all know nothing can stop PIXIES or ANGELS.

.. Oh wait. What was that you were saying about being security conciousness and responsible again?

What you do with security questions is either pick one that would be very hard indeed to find the answer to - or, preferably, just treat it as another password. What city were you born in? Hysahj!116jp, I had a happy childhood there.