Viewer Authentication

From Second Life Wiki
Revision as of 19:23, 29 September 2007 by Rob Linden (talk | contribs) (Reverted edits by Iliekcam Horan (Talk); changed back to last version by Maurice Linden)

Website Viewer Authentication (WVA)

In the past, the Second Life viewer and Second Life website have both required you to type in your name and password in order to access the grid and your account information. With Website Viewer Authentication, Linden Lab seeks to bring these two together such that you will only need to type in your name and password at one place in order to access this content. Now you'll be able to launch Second Life, securely, from the SL website.

It's your choice!

When logging in, you do not have to change your daily routine. The login screen you are given when starting the Second Life viewer will be a website version of the current interface. However, it's suggested that if you want to take the most secure route to logging in, you do it via the Second Life website. Once you've logged in to the website, you'll see a Go Inworld! button which will automatically launch the SL viewer for you. By logging in this way, you will know that you're typing your password into a safe environment, whether you use the official LL viewer or (eventually) a third-party viewer.

Note to Linux users: Linden Lab is working to allow a secure website authentication for as many Linux users as possible. However, due to the nature of Linux distribution, a website login is not guaranteed to work, as it may fail for reasons Linden Lab is unable to predict. In these cases, it is suggested you log in via the viewer's login page.

Frequently Asked Questions

"I'm always logged in on the SL website. How does this affect me?"

If you're logged in on the website, you're simply one step away from being in Second Life. A "Go Inworld!" link will be on the website for you to click which will launch your Second Life viewer and log you in automatically. Keep in mind that if you use multiple Second Life accounts, you will need to log out via the website before logging in with another account. However, if multiple people use your computer, you may take advantage of your operating system's "User Switching" capabilities so that your cookies are not shared and logging out from the website is not a requirement.

"On the viewer's login screen, I'm given the choice of where I want to log in. Will I still have that option?"

Yes! The Go Inworld! page will contain the same options the SL viewer's login has. You can log in at your last location, your home, or a destination you specify.

"I have separate accounts that I use. How does this affect me?"

If you wish to use a separate Second Life account, you must log out of your current account on the website and then log in with your separate account.

"I use Second Life from a computer that is not mine. How does this affect me?"

So long as you are logged into the website on someone else's computer, they will be able to gain access to your account, just as they would if you stayed logged in on a blog, in a video game, or on a social networking website. If you simply log out of your account on the website when you are done using the computer, then your account's information will not be accessible. As usual, common sense is your best friend when using a computer that is not your own.

"Are you telling me the client is not secure?"

The official Second Life client released by Linden Lab on our SL website is secure. However, due to our viewer's open-source nature, third-party versions may be hosted elsewhere and can be made to trick you into entering your password where it may be stolen. Please read the Security section below for more details.

"Why aren't you fixing bugs? I don't care about login!"

Linden Lab has a team of developers who are constantly fixing bugs in Second Life. However, we also have developers who work on the website, the servers, and specific issues such as security, billing, and fraud prevention. WVA is being developed as a security measure in order to ensure your Second Life identity cannot be stolen or phished by malicious entities. By making your experience secure, we can save you time and money if something ever should go wrong, and it allows us to devote more resources toward the ongoing development of Second Life.

"What happens when I want to use the First Look client or some other third-party application?"

Currently, these options still use the old method of logging in. WVA only applies to the main grid at this time. We will have a complete transfer over to WVA very soon and will announce when it's ready and what changes you can expect.

Why we're making this change.

Security

With Website Viewer Authentication, Linden Lab will be able to centralize its login code to our website. By doing so, we will be able to centralize our fraud prevention efforts such that we can make larger and faster changes when necessary. Since you will only have to enter your login information in one place, there should never be a need to enter your name and password into any other interface. This inherently increases your security.

  • Note: Due to the open source nature of the Second Life viewer, it is possible to create a clone of the Second Life viewer with the intent to add code which will steal your password and send it to a malicious entity. A person doing this can then host the viewer on their website saying that it is the official version, thus tricking you into downloading something that looks real but is in fact not. By logging in via the Second Life website, this kind of attack will not work against you.

Flexibility

By centralizing logins, Linden Lab will eventually be able to verify your identity for third-party applications. For example: if you wish to use an open source version of the Second Life viewer, you should not have to worry about typing in your name and password as the viewer will be able to authenticate you via our servers. This flexibility will give your Second Life presence a greater reach than just the Second Life Grid.

Persistence

When you log in through the Second Life website, you will be taken to a page which will launch Second Life for you. So long as your cookie's session for the page's login is held and you launch through this page, you won't ever have to type in your name and password again until that cookie's session expires. So you can log in and out of Second Life as much as you like without having to re-type your information over and over again. Your identity will be persistent.

The Future!

Integration

Eventually, Linden Lab would like to allow Second Life identities to integrate with OpenID. The WVA changes will make this route an easier one to handle. With OpenID, your Second Life identity will be able to transfer to any other applications (e.g., blogs, forums, social networking services) that wish to host OpenID capabilities in their services. It would open the possibility of logging into separate virtual worlds with your Second Life name.