Talk:Viewer Authentication

From Second Life Wiki
Revision as of 22:09, 28 September 2007 by Argent Stonecutter (talk | contribs)

I am sorry, but the incidence of account hijacking from persistent logins is going to be FAR greater than the incidence from phishing.

How you can actually write something like "So long as you are logged into the website on someone's else computer, they will be able to gain access to your account" and then continue on with the idea /at all/ is astonishing.

Log into web site and launch SL? That's fine by itself. "There" worked that way and it was ok, not as good from a pure usability standpoint but ok..., but it /cannot/ be persistent. We are talking about real money theft here. This is a lowering of security, not an increase in it. And I know that other people do it and there is a "remember password" checkbox on the viewer, but that doesn't excuse this. If increasing security is actually the goal, persistent logins anywhere are an about-face to it.


This is like snogging SARS patients to improve your health.

Web-based UIs are the #1 tool for phishing. The most commonly used web browser in the world is not just insecure, it has security holes that cannot even in theory be fixed. It has been a running gag for 10 years now. And if you're worried about people using open source software for phishing, the popular open source browsers are actually MORE secure than the native ones on BOTH Windows and OS X.

On Linux, ALL the browsers are open-source.

This change will reduce reliability, reduce security, and reduce people's confidence in SL. If anything, you should be centralizing logins in the client and have it handle authenticating the browser, not the other way around. -- Argent Stonecutter 22:09, 28 September 2007 (PDT)