Wake up, LL apologists. This affects you, too.

I don't think anyone will be left high and dry, because once they get going, I think the Lindens will keep at it until everyone is fixed up.

I would point out, though, that this business of blaming users for not remembering their security question is about as stupid as blaming LL for someone hacking the account.

I mean, yes, SURE, everyone should write ever last little thing down in a book. And yes, SURE, SL should be so air-tight that this thing didn't happen in the first place.

But that's not the way the world is, and the truth is, no one wants this, not them or us.

To me, the main thing is they need to work on THIS over the weekend, round the clock.

coco

Quit being so reasonable.

(1700!)

Not blaming anyone, it's just being responsible. If you (not you personally, the general "you" can't be bothered to remember your password, who should?

And how do you verify people who used email addresses
that they no longer have... and probably no longer remember?

Any system that relies on 2 out of 3 (name/addr/question) is more robust than one that relies on 2 out of 2. (name/addr)

So you're saying tht people should not be held responsible for their actions? Man, I wish the local police felt like that, I could get to work in half the time (It's the town's fault that their speed limits are lower than I want.) Or head down to the local dealership and just drive off with a new car (It's the dealership's fault that I can't afford the car.) What an interesting world you must live in.

As for if it happens to me? I say "F#*&! I screwed that up." I do *NOT* however blame someone else for *MY* mistake. And believe me, I screw up plenty.

But I take responsiblity for my own actions/inaction. I make sure that if something's important to me, I protect it. I picked a secret question that had a private and personal answer. Not even my immediate family would know what the answer was. I make sure I have good passwords. Hell, I found an OLD SL account I made a year before I made this one. I ressurrected it and then *CHANGED* the e-mail to be sure I could maintain it. I didnt have to change the questoin since the one I picked is so unforgetable I used it the first time.

By typing gibberish into the personal question, people CHOSE to risk their account. By entering in a bogus e-mail or not updating their e-mail, they CHOSE to risk losing control of their account. I can't possibly understand how someone could look at either of these and think "This question is unimportant." or "I don't need to have a valid e-mail attached to my account." ESPECIALLY those who actually handle REAL money through their account. Boggles the mind.

My main (paying) account doesn't even HAVE a security question. Or Linden lost it.

Funny how that happens to the paying account but not the alt. And right around the time another tier bill rolls around too.

You are wrong about that. I tried to reset my password on my main account and it says there was no security question for that account. Now how was that my fault? I did not type gibberish nor think that the question was unimportant. I have done exactly as LL has instructed, and I got nothing.

Thats not your fault at all. There is clearing something wrong with the database that holds the secret question answers along with the passwords. It's clear that when they reset passwords they also reset some of the secret question answers or they gave people who didnt have secret questions to begin with one without an answer.

Then that's not your fault. That's easy.

What I have an issue with are those that put gibberish as the answer for their security question and/or had an invalid e-mail address set for their account and then start screaming at LL when they can't fix their account. They CHOSE to ignore something that was obivously important.

By your words, you did not. Your issue is an entirely different issue. And as I've said before, I also think it's really stupid for LL to close their support for the weekend after doing something like this.

If it's a technical screw-up, it's not your fault. Relax!

I think it might help to state the difference between purposefully listing a false email address when registering an account and the people who are saying they provided the correct information but still can't change their password.

The first is user responsibility. The second is a fuckup on LL's part, the database, or a combo of the two. To add insult to injury, its an additional fuckup in a week full of some pretty lame situations. Debates on proper security, what should have been done, what could be done better in the future, and them getting back in the office to handle customer service calls (which I'm all for) aside.

I don't think anyone would blame people in the second situation. If you're interpreting it as such, take a second and remember which situation you're actually in. I didn't specify as clearly in my first post, but I was reminded inworld that you can neva assume people will understand what you're trying to say.

EDIT: what Ketra and Lorelei said, with the inclusion of soothing photo of...what is that anyway

Obviously, this isn't applicable to you.

I can't help it

No, I know its not my fault, I'm just pissed because I can't access my main account. The one with the money, the land, and the fun stuff.

I see it has happened to other people as well

It would only stand to reason that if your account is a few years old, you may have changed e-mail addresses, you cant find the peice of paper you have your secret answer on, your pet died, you got a new one, your mom remarried, you didnt give an answer on the security question, theres numerous reasons why the security question thing sucks...


A better way to have done this is, answer any of the questions such as,

give your old password with say your zip code,
your phone number, the last 4 digits of your credit card #, your state, etc, all this is personal information on the same file as the security question.

This whole ordeal could have been made MUCH easier on your customers, who are not at fault here.

What alex says IS Valid.

I Had great difficulty in Reaccessing my account, Mostly due to beastly Lag on the SL Website, But there WAS one moment where i Typed in my Answer and it Came Back as "WRONG Answer"
~Momentary brown trousers time~
Visions of Two years worth of People and Objects, and clothing i would No Longer be able to access. All my Resources, All my creations and Inventions All my Photos, and stories, and Memories Permanantly Beyond my Reach!!
I Calmed, Thought about where my head was Back when i first Logged into SL and tried another Answer.
!!!Reprieve!!!!
Now, i DO have all these Codes, and Passwords, and answers and things Recorded in a Little Black Book, Have done since the Start, But it's been a Long time since i've Needed it, and I've Moved once in the Interrum SO it was not readily to Hand. Could take me weeks or Months to Find.
It's Easy to Point a Finger and say "it's your own Fault" But Imagine Logging in today, and your On Line Love isn't there. No Big deal S/he will be on tomorrow, But tomorrow comes, and Goes, and No Love.Eventually you get an Alt saying thier Prime is Gone. Ok,, That situation Isn't so Untennable. How about if it is someone you have a business with?
Someone who Holds a Good part of your Money, or stock, or records. Someone who is Part of a Creative Team. Sure, you get them Back as an Alt, but their Resources are Gone.

The solution that LL came up with was the Most Immediate to Deal with their Problem (And I'll Be Honest, OUR Problem as well) But WAS it the Best Solution? Were the Risks of Loss to the existing accounts Justified by the Benefits or should a Less Risky solution have been tried First?

alex is right, this DOES Affect you ALL. It could have been (and still might be for some) disasterous.

I just want to Know LL had considered well, and had absolutely NO other Possible option than the one they chose. I don't think that is an Unreasonable Question to ask.

Angel.

It's not at all an unreasonable question. It's only unreasonable if you've already answered it before giving LL time to deal with the situation.

'Secret questions' in a nutshell...

on sidenote, i can't help but wonder how many of these screaming about user responsibility and tough love etc are doing it *after* this SL password reset made them scramble in panic and write down/verify login and email details for all services they've signed up 2+ years ago and are still actively using. Hindsight is always 20/20, especially when it's somene else who gets the short straw...

Oh it could easily have happened to me, and if it had, I'd be blaming myself for it. Not anyone else.

Nope. Like I said in a previous post, the secret question I chose was still easily memorable nearly 2 years later because I made sure it wa something important to me.

Well, the alert DID say that they Discovered this Problem on the 6th of September, it is now the 8th of september.

Tech support and Interned security people out there,
Are there any equally effective, Less Draconian, Less Risky options they COULD have considered AND Put in place in 48 hours?

Or did they just take the Easy way out completely disregarding the Possible Losses to their client base?

I haven't Answerd ANY of the questions i have Posed, I've Posed them and i am Waiting for Answers.

Angel.

Y'know it occurs t me if they just reset the passwords of all accounts using a random password selector for each user. Then sent off a email to the email addy of record associated with each SL account with a message saying 'this is your new password, you will be required to alter it on next login, please do so asap'. A lot of grief might've been avoided for those whom have forgot their secret word or due to database error cant get in.

Note, I've gotten in on all my accounts save one, which for some reason is responding that I've a error of some stripe regarding that accounts secret word.

Yup, but then it's sort of a point, there... i mean, if it's something that you recognize could happen easily, then insistence to rely on such questionable 'security' mechanics isn't really greatest choice ever made, is it? After all, cool, so it happens to someone and they are to blame. Like knowing where to put the blame is going to help them diddly squat in actually fixing the mess that could've been avoided by not creating situation where it can arise, in the first place..? -.o

(this isn't trying to put the possible blame somewhere else, more of musing if this whole 'secret question' think wouldn't be better if simply done away with)

I can't help but think that they know which is precisely why they are trying to minimize any concern.

Can you say damage control?

*Pats Alex*
It is times like these that a cuppa and a bacon butty do wonders....