[sldev] [PROPOSAL] Authentication Model

[Harold Brown]

Considering I never once mentioned fraud / anti-fraud... yes you are correct
it has nothing to do with fraud, other then as a login method that consists
of a piece of information held by the Linden Labs servers that can only be
identified by the account owner.

The authentication model proposed by Linden Labs was nothing more or less
then exactly what my proposal was.  A method to allow an untrusted client
the ability to log onto the grid without having access to your full
credentials.

Why is this important?  Because once you have the username and password to
the account, you have full access to use that accounts payment information
to buy lindens or sell lindens, change the account password, etc.

Yes a compromised client can delete your items, transfer your lindens on
hand, etc.  But having the Username and Password currently gives you even
more access to the account.


On 10/2/07, Dzonatas <dzonatas at dzonux.net> wrote:
>
> Harold Brown wrote:
> > PROPOSAL:
> > Each user should (at account creation, or after logging in to the
> > system for the first time without this enabled) upload a personal
> > image.  This image should be something that they can easily identify
> > from a group of images at login.  When logging in the system should
> > present a preset number of images that the user must select their
> > personal image from.  Upon presentation the images must have a randomly
> ...
>
>
> Your proposal is not an anti-fraud measure. It may help prevent phishing
> attacks, but it gives no ability to aide in anti-fraud.
>
>
> --
> Power to Change the Void
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.secondlife.com/pipermail/sldev/attachments/20071002/9c02192a/attachment.htm