On Wednesday 22nd September Linden Lab announced an additional way for Second Life residents to protect their accounts. The Multi-Factor Authentication (MFA) is now available to all residents and it provides an extra level of security.
MFA is an industry standard and there is now the option to opt-in by visiting the MFA status page.
The blog post reads this….
Today we’re introducing an additional way for you to protect your account!
Multi-Factor Authentication (MFA) is now available to all residents on their accounts. MFA is an additional step to prove your identity before gaining access to sensitive information or actions on your account. It provides an extra layer of security to supplement your username and password. Widely adopted by many products, MFA is an industry standard.
How does it work? You can learn more about MFA, find out what you’ll need to do, and activate it in the knowledge base article!
You will need to take action in order to activate MFA. It is entirely opt-in. Go to accounts.secondlife.com/mfa/status and get started!
Note: MFA adds protection only to your accounts.secondlife.com login. MFA does not affect how you log in to the SL Viewer. If you activate MFA, you should continue to change your password regularly and choose strong passwords.
In future releases we plan to extend MFA’s protections to additional pages on secondlife.com, the marketplace, and the viewer. We are also exploring an email-based implementation.
There is a useful FAQ on the MFA Settings page worth reading through.
What is MFA?
Authentication is how Second Life knows it’s you attempting to log in, by verifying the username and password you provide. When authentication involves only a username and password, it is known as single-factor authentication. MFA adds another layer of security. MFA is not unique to Second Life. It is used by many products.
Why might I want to use it?
Activating MFA provides additional protection against unauthorized action on your account, such as changing your payment method, changing your password, or performing L$ transactions.
How does it work?
MFA requires an authenticator app on your mobile device which generates secret codes (called “tokens”). When you log in, Second Life connects to the authenticator app to make sure the token you provide matches the one generated by the authenticator app.
MFA adds protection only to your secondlife.com login. MFA does not affect how you log in to the SL Viewer (desktop app). Even if you activate MFA on your account, you should continue to change your password regularly and choose strong passwords.
MFA is opt-in. You are not required to use it. You can turn off MFA at any time.
How do I set up MFA on my secondlife.com account?
To turn on MFA you will need to:
Install an authenticator app on your mobile device. We do not supply this app or directly support any third party app, but we have tested Google Authenticator with this feature.
From your mobile device, connect the authenticator app to Second Life.
On secondlife.com, enter tokens that the authenticator generates.
We will take you through these steps in more detail when you set up MFA.
How will MFA change how I use Second Life?
After you turn on MFA, accessing secondlife.com will be a little different. Some pages may prompt you for a token in order to continue. Your browser will remember that you have been authenticated, but you will periodically be asked for a new token. If you use a new browser to access secondlife.com or you clear secondlife.com cookies, or if it’s simply been a while since you entered a token, you will be asked for a new token. You will never use the same token twice, so there is no need to remember it, write it down, or keep it secret.
If anyone has any problems then Second Life Support is the best way of resolving it before and after you turn on MFA.
In the near future Linden Lab plan on extending MFA’s protections to additional pages on secondlife.com, the viewer and the marketplace etc. Email based implementation is in the works apparently.