Possible change in logging on to SL
|
|
Kitty Barnett
Registered User
Join date: 10 May 2006
Posts: 5,586
|
09-29-2007 07:20
(Small rant: I really hate that "official" announcements end up being so fragmented all over the place. There's no reason this couldn't have just been posted to the blog.)

"Website Viewer Authentication"
General: https://wiki.secondlife.com/wiki/Viewer_Authentication
More technical: https://lists.secondlife.com/pipermail/sldev/2007-September/005339.html

Changes that will (negatively) affect most people are probably:

* anyone with an alt: most people probably leave only one account logged in to the site (for the forums, their transactions, online friends, etc.) and then use the viewer to log on to whatever account they need/feel like. Under the new scheme there is no longer a separate viewer login, so if you want to use an alt you'd have to log out of the site, log in as the alt and start SL from there (and log the alt back out of the site and then the main back in if you want to go back to normal).

* if you currently log on to the SL site (to read the forums, or check on a support ticket, etc.) on a puter and forget to log out, the worst that someone could do is some general - granted annoying - mischief, but all your L$, US$ and inventory would basically be safe. Under the new scheme, forgetting to log out of the site on a puter you don't own means that other people could log on as you directly from the site.

---

As for being more secure, that doesn't really seem to be the case (discussion on that specific aspect is happening on the SLdev list).
|
|
Nina Stepford
was lied to by LL
Join date: 26 Mar 2007
Posts: 3,373
|
09-29-2007 07:32
the upside of this is that third-party viewers will no longer have the ability to grab login details. your passwds will never be passed through the client!
i suppose for multiple logins one could login, launch client, logout, login alt, launch client, and thus have two avs in world at the same time. i doubt your client will get logged out if you log out of the website. using firefox, i can log-in/out three times faster than i could with the client anyway.
|
|
Colette Meiji
Registered User
Join date: 25 Mar 2005
Posts: 15,556
|
09-29-2007 07:33
will this hurt your security at all?
|
|
Pie Psaltery
runs w/scissors
Join date: 13 Jan 2004
Posts: 987
|
09-29-2007 07:33
Heck, with IDV coming, you won't have that many alts anymore anyway.
More secure? O yeah, you mean like the Patriot Act was supposed to make me more secure, when what it mostly did was limit my freedoms and allow the government to track me more effectively without having to answer to anyone but themselves.
Security is an illusion, much the same way "Your World. Your Imagination" was.
They aren't keeping YOU more secure. They are securing YOU as an asset, a number and a resource. You are going to be easier to track this way. That's the bottom line.
It might also be a way to get more information about who is using third party viewers, and which one is being used most often, so they can GOM their asses too. That would be the fine print.
|
|
Colette Meiji
Registered User
Join date: 25 Mar 2005
Posts: 15,556
|
09-29-2007 07:35
From: Pie Psaltery
Heck, with IDV coming, you won't have that many alts anymore anyway.
More secure? O yeah, you mean like the Patriot Act was supposed to make me more secure, when what it mostly did was limit my freedoms and allow the government to track me more effectively without having to answer to anyone but themselves.
Security is an illusion, much the same way "Your World. Your Imagination" was.
They aren't keeping YOU more secure. They are securing YOU as an asset, a number and a resource. You are going to be easier to track this way. That's the bottom line.
It might also be a way to get more information about who is using third party viewers, and which one is being used most often, so they can GOM their asses too. That would be the fine print.

I'd count all this as hurting my security.
|
|
Nina Stepford
was lied to by LL
Join date: 26 Mar 2007
Posts: 3,373
|
09-29-2007 07:36
how could this possibly make us any easier to track? they have access to every byte of grid data there is already.

From: Pie Psaltery
Heck, with IDV coming, you won't have that many alts anymore anyway. More secure? O yeah, you mean like the Patriot Act was supposed to make me more secure, when what it mostly did was limit my freedoms and allow the government to track me more effectively without having to answer to anyone but themselves. Security is an illusion, much the same way "Your World. Your Imagination" was. They aren't keeping YOU more secure. They are securing YOU as an asset, a number and a resource. You are going to be easier to track this way. That's the bottom line. It might also be a way to get more information about who is using third party viewers, and which one is being used most often, so they can GOM their asses too. That would be the fine print.
|
|
Malachi Petunia
Gentle Miscreant
Join date: 21 Sep 2003
Posts: 3,414
|
09-29-2007 07:38
From: someone
Under the new scheme forgetting to log out of the site on a puter you don't own means that other people could log on as you directly from the site.

How do you say "understatement" really emphatically? How about "UNDERSTATEMENT!!!!111twelve!!!"

So who exactly thinks applying the Internet Explorer (in)security model to SL is a Good Thing? Does said person own a brain? I *thought* making your login ID freely available for dictionary attacks was as daft as you could make a login system. I was wrong. While they're at it, why don't they drop SSL anyway, it only adds needless complexity; and passwords for that matter too, so annoying.
|
|
Matthew Dowd
Registered User
Join date: 30 Jan 2007
Posts: 1,046
|
09-29-2007 07:40
From: Nina Stepford
the upside of this is that third-party viewers will no longer have the ability to grab login details. your passwds will never be passed through the client!

True - but there's nothing to stop a third party client having code to steal all your L$ whilst you are connected (for instance).

From: someone
i suppose for multiple logins one could login, launch client, logout, login alt, launch client, and thus have two avs in world at the same time. i doubt your client will get logged out if you log out of the website. using firefox, i can log-in/out three times faster than i could with the client anyway.

Just be careful to check who you have logged in as when you post to the forums though!

We've been discussing this over on the open source developers list since yesterday - we are hoping that this is more of a proposal than work completed and that it can be discussed further before implementation and possibly completely rethought! It isn't a very popular decision based on posts there to date. It seems to create more problems than it attempts to solve (and doesn't really manage to solve them anyway). The only thing it does achieve is persistence between your SL logon and your SL web/forums/account logon, but no one seemed to have been asking for that, and anyone with an alt will soon be asking for it to be removed!

Matthew
|
|
Colette Meiji
Registered User
Join date: 25 Mar 2005
Posts: 15,556
|
09-29-2007 07:43
From: Malachi Petunia
So who exactly thinks applying the Internet Explorer (in)security model to SL is a Good Thing? Does said person own a brain?

Great point. I use Netscape - but I figure that's not all that secure either. And while we're at it - the first name / last name / password thing is STUPID. We need an additional screen name that's not public knowledge.
|
|
Kitty Barnett
Registered User
Join date: 10 May 2006
Posts: 5,586
|
09-29-2007 07:44
From: Nina Stepford
the upside of this is that third-party viewers will no longer have the ability to grab login details. your passwds will never be passed through the client!

That's how LL seems to be seeing things. The problem with that is that you're assuming that the user was already tricked into running malicious code: if you can log on to SL simply by clicking a button on a site, so can the "evil viewer"; it doesn't even need you to type in your password anymore. Or it could simply spawn another proggie that catches your password as you type it in on the site. In general, as soon as you've tricked someone into running arbitrary code there isn't anything on their puter/account that is still secure, so with the new process you're either just as secure, or more likely less secure, and it'll be less convenient than things are now.
|
|
Nina Stepford
was lied to by LL
Join date: 26 Mar 2007
Posts: 3,373
|
09-29-2007 07:51
L$ isn't the big worry though. i'm more worried about people being able to login and deed/sell/abandon my land, or login to the website and make use of my cc.

From: Matthew Dowd
True - but there's nothing to stop a third party client having code to steal all your L$ whilst you are connected (for instance).
|
|
Nina Stepford
was lied to by LL
Join date: 26 Mar 2007
Posts: 3,373
|
09-29-2007 07:51
people still use internet explorer?

From: Malachi Petunia
So who exactly thinks applying the Internet Explorer (in)security model to SL is a Good Thing? Does said person own a brain?
|
|
Colette Meiji
Registered User
Join date: 25 Mar 2005
Posts: 15,556
|
09-29-2007 07:53
From: Nina Stepford
people still use internet explorer?

I think most people do. It's still the only browser you get when you buy a new PC from a large retailer in the US, or from Gateway/Dell, etc.
|
|
Usagi Musashi
UM ™®
Join date: 24 Oct 2004
Posts: 6,083
|
09-29-2007 07:55
I've been looking at the first post and I can't make any sense of this. Can someone sum it up in 1/3 of its first posting form?
|
|
Nina Stepford
was lied to by LL
Join date: 26 Mar 2007
Posts: 3,373
|
09-29-2007 07:55
well i suppose there is no way to protect people from their own stupidity.

From: Kitty Barnett
That's how LL seems to be seeing things. The problem with that is that you're assuming that the user was already tricked into running malicious code: if you can log on to SL simply by clicking a button on a site, so can the "evil viewer"; it doesn't even need you to type in your password anymore. Or it could simply spawn another proggie that catches your password as you type it in on the site. In general, as soon as you've tricked someone into running arbitrary code there isn't anything on their puter/account that is still secure, so with the new process you're either just as secure, or more likely less secure, and it'll be less convenient than things are now.
|
|
Malachi Petunia
Gentle Miscreant
Join date: 21 Sep 2003
Posts: 3,414
|
09-29-2007 07:56
They have been pushing everything they can out to the 2D old skool web. Now they are wanting to use their security-flawed, unpatched vBulletin system as the security enforcement? Way to lead in 3D space, folks! I can only expect that this will be followed by an announcement that allowing strangers at an internet cafe access to your account is a capital offense. Yeah, I know it is only a proposal, but to even *suggest* it shows astounding cluelessness.

From: Malachi Petunia
Biz-speak types are fond of trying to find the "core competency" of their firm and concentrating on that. LL has outsourced billing, they've got a volunteer running the forums, they let others operate their servers, they have another firm send out their bulk e-mail, they've even farmed out bug fixing to an extremely devoted volunteer, and now they are having a third party tell them that we really are over 18 years old like we said we were. They even have a release manager write in the blog that he isn't really very good at releases yet. What do they in fact do there? Is playing WoW on the company time considered a core competency?

The problem is not in LL, it is in our expectations.

And yes, Colette, Netscape/Mozilla/Opera isn't quite as bad as IE in this regard, but neither is it much better.
|
|
Nina Stepford
was lied to by LL
Join date: 26 Mar 2007
Posts: 3,373
|
09-29-2007 07:57
LL think maybe they should stop putting the login stuff on the client, and people should instead login to the website, then launch the client from a link on the website, using the website's session info. that's how i am understanding it.

From: Usagi Musashi
I've been looking at the first post and I can't make any sense of this. Can someone sum it up in 1/3 of its first posting form?
|
|
Colette Meiji
Registered User
Join date: 25 Mar 2005
Posts: 15,556
|
09-29-2007 07:57
From: Nina Stepford
well i suppose there is no way to protect people from their own stupidity.

hmm, but she's basically saying it's stupid to run a third party viewer at all, regardless of this new log on system.
|
|
Kitty Barnett
Registered User
Join date: 10 May 2006
Posts: 5,586
|
09-29-2007 08:01
From: Usagi Musashi
I've been looking at the first post and I can't make any sense of this. Can someone sum it up in 1/3 of its first posting form?

Right now we have two ways of logging on:
1) through http://secondlife.com for things like the transaction history, account information, etc.
2) through the viewer to actually get in-world

LL considers 2) to be potentially insecure, so the only thing that would remain in the end is 1). You would go to http://secondlife.com and log in to the site (if you're not already logged in) and, on the site, click a button that says "Launch SL" which launches the viewer and logs you on without ever having to type in your password in the viewer (like you do now).

I hope that made more sense.
|
|
Colette Meiji
Registered User
Join date: 25 Mar 2005
Posts: 15,556
|
09-29-2007 08:03
wouldn't the most secure way to log in involve actually firing up the SL application - then, as you're there floating in 3D limbo - log in, while already in world?
Then you'd be safe from nearly everything except a key logger, right?
|
|
Nina Stepford
was lied to by LL
Join date: 26 Mar 2007
Posts: 3,373
|
09-29-2007 08:05
i suppose it's more risky. but i don't have much of a choice because the official viewer stopped working for me many months ago. since i do use a 3rd party viewer i do my best to manage my risks. i don't typically keep more than a couple thousand L$ in-world, i don't use the 'remember passwd' thingo, and i use alts to own my land-deeding groups. it all comes down to risk management. if somebody chooses to keep all their land in their name, keeps hundreds of thousands of L$ in-world... they take a risk, 3rd party viewer or not.

From: Colette Meiji
hmm, but she's basically saying it's stupid to run a third party viewer at all, regardless of this new log on system.
|
|
Nina Stepford
was lied to by LL
Join date: 26 Mar 2007
Posts: 3,373
|
09-29-2007 08:08
to foil the logger they could employ something similar to a calculator interface, forcing you to click your passwd in. and to make it more secure, make the calculator move about the screen after every click. AND even use hardware acceleration bugs to make it difficult to screendump.

From: Colette Meiji
wouldn't the most secure way to log in involve actually firing up the SL application - then, as you're there floating in 3D limbo - log in, while already in world? Then you'd be safe from nearly everything except a key logger, right?
|
|
Matthew Dowd
Registered User
Join date: 30 Jan 2007
Posts: 1,046
|
09-29-2007 08:11
From: Nina Stepford
L$ isn't the big worry though. i'm more worried about people being able to login and deed/sell/abandon my land, or login to the website and make use of my cc.

It wouldn't be difficult for a third party (malicious) client to silently buy L$ off your credit card and syphon them to another account (whilst displaying the L$ balance you'd expect to see).

However, as has been suggested in the sldev list, a much better approach if you want to use a third party viewer but were worried about it stealing your password (but otherwise thought it trustworthy) would be the ability to create one-use-only passwords.

Matthew
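As an added illustration of the one-use-only password idea above, combined with the "log in on the site, then launch the viewer" flow Kitty summarised earlier (this is example code written for this page, not code from LL, the wiki proposal, or anyone in the thread): a hypothetical server-side store issues a short-lived, single-use launch token to the web session, the viewer redeems it exactly once, and a replay, a wrong account or an expired token is rejected. The class name, the 120-second lifetime and the account names are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical server-side store of one-time viewer login tokens (added example).
# A token is bound to one account, expires after TOKEN_TTL_SECONDS, and is
# removed on the first redemption attempt, successful or not.
TOKEN_TTL_SECONDS = 120


class OneTimeTokenStore:
    def __init__(self, now=time.time):
        self._now = now          # injectable clock so expiry can be tested
        self._pending = {}       # sha256(token) -> (account, expiry_timestamp)

    @staticmethod
    def _digest(token: str) -> str:
        # Only the hash is kept; a leaked store does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, account: str, ttl: int = TOKEN_TTL_SECONDS) -> str:
        """Called by the logged-in web session when the user clicks 'Launch SL'."""
        token = secrets.token_urlsafe(32)
        self._pending[self._digest(token)] = (account, self._now() + ttl)
        return token

    def redeem(self, account: str, token: str) -> bool:
        """Called when the viewer presents the token; succeeds at most once."""
        # pop() consumes the token whether or not it verifies, so a guessed or
        # replayed token cannot be retried against the same entry.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return False
        owner, expiry = entry
        if self._now() > expiry:
            return False
        # constant-time comparison of the bound account name
        return hmac.compare_digest(owner.encode(), account.encode())


if __name__ == "__main__":
    store = OneTimeTokenStore()
    t = store.issue("example-main")          # constructed account name
    print("first redeem :", store.redeem("example-main", t))   # True
    print("replay       :", store.redeem("example-main", t))   # False
```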
|
|
Kitty Barnett
Registered User
Join date: 10 May 2006
Posts: 5,586
|
09-29-2007 08:11
From: Colette Meiji
hmm, but she's basically saying it's stupid to run a third party viewer at all, regardless of this new log on system.

Sorry if that's how what I said came across. It's not inherently stupid at all, just make sure you make an informed decision before installing any random third party viewer (or proggies in general).

If someone's at the door of your house asking if they can come in, you make a judgement call on whether you'll let them in or not. If they don't seem trustworthy, you don't let them in. My point was that if someone with bad intentions can trick you into letting them into your house, then you've really lost because at that point they have access. (Kind of a forced comparison but it should work.)
|
|
Colette Meiji
Registered User
Join date: 25 Mar 2005
Posts: 15,556
|
09-29-2007 08:17
From: Kitty Barnett
My point was that if someone with bad intentions can trick you into letting them into your house, then you've really lost because at that point they have access. (Kind of a forced comparison but it should work.)

Kind of that whole "never invite a vampire in" thing.
|