Second Life Multi-Factor Authentication: the what and how

via Linden Lab

Linden Lab has announced the initial introduction of Multi-Factor Authentication for Second Life accounts, and has done so in request to numerous requests for increased account security from users to protect personal data.

Traditional user name and password requirements (referred to as single factor authentication) have long be regarded as vulnerable to hacking – up to and including “long” passwords involving alpha-numeric combinations, as the recent publishing by hackers of a 100GB text file of 8.4 billion passwords demonstrated. Multi-Factor Authentication (MFA) adds an additional layer of protection when accessing personal or protected information on-line, and does so by using a combination of elements.

Rather than relying just on something you know (your user name and password), MFA requires a combination of something you know, together with at least one of something you have (such as a electronic token /device capable of generating such a token, something inherent to you (e.g. a fingerprint, your voice, etc), or where you are (e.g. using a specific network connection or via GPS location).

Of these, Linden Lab is implementing MFA based on something you know – your user name and password – and something you have, in this case an authentication token in the form of (preferably) a 6-digit code that can be generated via a user’s smartphone or tablet from a unique QR code from Linden Lab.

With the introduction of MFA, it is important to stress – as noted in the official documentation – that:

  • It is entirely opt-in: you decide if you want to use it or not.
  • It is currently only being applied to the sensitive account information accessed via Account drop-down menu on the left of your Second Life dashboard (so the options relating to account password change, payment method change, transaction information, e-mail settings, etc.).
    • It does not currently impact or change how you log-in to Second Life using any viewer / client.
    • It will be extended across further Second Life web properties (e.g. the Marketplace, etc), in time, and eventually to the viewer as well.
  • E-mail authentication is being developed.
  • Information and initial instructions for setting-up MFA can be found here.
  • Even with MFA enabled, you should still routinely change your Second Life password, using strong and unique options in accordance with best practice.

Setting-Up MFA

Setting-Up MFA is actually relatively straight-forward, and is carried out from your account dashboard via Account → Multi-Factor Authentication.

Selecting this option will display an initial page outlining the process, together with a Get Started button at the bottom.

Accessing the MFA set-up page, and the QR Code / set-up key page (see below)

To complete the process, proceed as follows:

  1. Install a suitable MFA app on a device with a camera (if using the QR code approach). I opted to use Google Authenticator.
  2. Read the introduction notes via Account → Multi-Factor Authentication (above left) and click the Get Started button.
  3. A page will be displayed on your screen with a unique QR code and set-up key.
    • Make sure you make a note of the set-up key – you may need this to help unlock your account should you be unable to use your authenticator of choice.
    • If you are using the set-up key alone, skip to step 6.
  4. Launch your authenticator app and select the option to scan a QR code, then:
    • Point the camera to the QR code on your screen so it is centred within the frame / cross hairs.
    • When positioned correctly, the  authenticator app should automatically capture an image of the QR code (or if a button is available to tap, tap that.
  5. The app will update to show a page that displays your Second Life account name and a 6-digit account token (2 groups of 3 numbers separated by a space).
    • Note this code will update every 30 seconds.
  6. Click Continue on the MFA set-up page. It will update to prompt you to enter two tokens into two fields on the page (see below).
    • If you are using the 6-digit token generated by the QR code, type the displayed code (including the space) into the first field.
    • Wait for the display yo update with a new 6-digit token, then enter the second code into the second token field.
    • If you are using the set-up key, enter this into each field.
  7. Click Activate MFA.
  8. Providing you have done everything correctly, you’ll be informed MFA is now successfully active on your account.
Entering the tokens generated by your MFA app: one unique token per field, as generated by the authenticator app. If you are using the set-up key given on the MFA page, enter that.

How it Works

When MFA is active on your account, clicking any option in the Account drop-down menu to which it has been applied will display an MFA Challenge page.

The account options that – at the time of writing – will present the MFA challenge page. Use your MFA app to obtain a 6-digit code

The MFA Challenge page requires you enter one new token, as generated via your MFA app (or use of the set-up key). Just open the app, select your Second Life account (if using MFA on more than one account – if you are using MFA on just a single account, it will be displayed be default), and then enter a fresh 6-digit code as generated by the app.

Removing MFA

As the official documentation notes, you can disable MFA at any time using Account → Multi-Factor Authentication, entering a code from your app OR enter your set-up key and then click on the Remove MFA button.

Official MFA Links

Mojo Linden, the Lab’s new Engineering VP discusses SL at TPVD meeting

Andrew Kertesz

Linden Lab’s new Vice President of Engineering, Mojo Linden (aka Andrew Kertesz) dropped into the Third party Viewer Developer meeting on Friday, September 17th, both to say a few words and field some questions. These notes offer a summary of his  comments, together with some audio extracts.

When reading / listening to the following please note:

  • The bullet points within the topics are designed to help provide context to the audio.
  • Unlike my usual approach, I have not attempted to group comments by topic per se, but have ordered things as they were discussed through the TPVD meeting, so that the notes and audio extracts here do parallel the video recording of the TPV meeting, which is embedded at the end of this piece.
  • The audio extracts have been edited to remove pauses, repetitions, etc., and to remove break-in comments from others at the meeting. However, in doing this, every attempt has been made to maintain the actual context and meaning of Mojo’s comments.

Mojo’s Background

  • Mojo started his career at Microsoft, spending over 16 years working on a variety of products and services: Visual Studio, the DirectX API, XBox development (technology and game development). This also saw him help establish the Forza Motorsport Studio and work on a lot of the major Microsoft games like Halo.
  • Joined a former CTO for XBox at IGT (International Game Technology), a company producing slot machines, where he worked in a highly regulated software environment.
  • Moved on to Double Down, another gambling / gaming group, where he worked on mobile apps.
  • Thereafter moved to Level Ex, a company specialising in making games specifically aimed helping doctors face the chellenges of modern medical practice.
  • Developed a significant interest in virtual worlds and virtual spaces, which led him to join Linden Lab.

On performance and General Improvements

Mojo Linden

Following his comments about working on DirectX APIs, Mojo was asked if enhancing the viewer’s rendering capabilities would be a focus for him in terms of determining projects at the Lab, and also responding to comments about the value of working to fix issues and properly polish features and capabilities, rather than trying to push “big” new features.

  • As he was unclear on all the the Lab’s preferences regarding mentioning specific projects and times lines, was understandably cautious about talking in detail about specific projects.
  • Having had exposure to graphics APIs has an interest in improving rendering in Second Life.
  • However, has a broader interest in improving overall performance, which he sees as much a part of the platform’s feature set as any new features.
  • Agrees with the view that many users would prefer to see fixes and improvements to current capabilities rather than a massive push for new shiny features, and notes that the Lab is looking to “delight” its user community.
  • Acknowledges the point-of-view that functionality isn’t always delivered in a manner users were expecting it to work and that capabilities can be delivered / added, but then fail to receive the degree of polish that would make them more fully usable.
  • Indicated that LL have been discussing different lighting models  – and in doing so mentioned he has been made fully aware of the expectation among many users that whatever is introduced does not “break” existing content, etc.
  • Recognises that SL has a lot of users with a deep understanding of the platform, and is already thinking on ways that could be leveraged to help expand the platform and give practical improvements.
  • In this latter regard, he realises that TPVs have done a lot of work in the area of performance for themselves, and is keen to explore how this work can be better leveraged.

About Avatars, Complexity and Performance

  • Recognises that unbounded avatars with high complexity are not good for performance.
  • Questioned whether it is better to throw controls and options at users for them to deal with performance issues they hit, or whether it would be better for the viewer to deal with matters more inherently, based on the user’s system.
    • An example of this might be the viewer being able to more intuitive handle very complex avatars though automated imposter, etc., based on the capabilities of the system being used to run the viewer, etc.
  • During the discussion, Vir gave a brief recap on project ARCTan (the work to realign complexity calculations, starting with avatars), and Mojo questioned whether the user community is offering potential solutions (Beq Janus and Elizabeth Jarvinen (polysail) have been looking extensively at the question of avatar meshes – see my CCUG / TVPD meeting notes for more on this).
  • Is aware of the issues of avatar customisation, and is open to hearing back from those who directly face the issues new users have with their avatar looks, etc., on what might be done to improve things.

(My apologies for the sound balance in the extract below – the recording software went slightly wonky during the mid-point of recording the meeting, and attempts to re-balance after the fact didn’t exactly work…)

On Making Changes and Bringing New Users to the Platform

  • (Alexa Linden pointed out that Mojo has been through the avatar selection / customisation and experiencing its pinch-points, and since joining the Lab has been spending time in-world exploring.)
  • In terms of changes and improvements, Mojo is very aware that users can be resistant to change, particularly around things like the UI, where muscle memory plays a big role and people are simply unwilling to learn how to do things differently.
    • Alexa noted that Lindens are not immune to this, and the push-to-talk change in the current RC viewer has resulted in much internal grumbling about having to change behaviour.
  • He is very aware that the viewer has to address (broadly speaking at least) two different audiences: those who simply want to come aboard Second Life and grip to grips with the basics, and those who are more experienced in using the platform and want to carry out more advanced activities.
  • In this, he (again) recognises the value of TPVs and the commitment of the user base as a whole to Second Life and its growth, and so is interested in exploring opportunities for his own engagement with assorted parties via meetings and other possible forums of exchange / engagement. As such, he intends to drop into things like the TPVD meetings as often as he can – particularly if there is specific news to announce.

For completeness, here’s the video of the TPVD Developer meeting with Mojo’s input:

In the press: Second Life, Tilia Pay & the Metaverse

Friday, September 3rd saw an article by VentureBeat’s Dean Takahashi – no stranger to Linden Lab, Second Life and LL – doing the rounds, entitled Will the metaverse bring the second coming of Second Life? While I personally find the term “the metaverse” to be one of the must frequently over-hyped / over-used terms in recent years, Takahashi’s article makes for an interesting read on a number of levels.

The first is that VentureBeat is a well-regarded tech news and events on-line magazine that includes the supplement GamesBeat that focuses on the world of computer, mobile and video games. Between them, they draw down some 6 million unique visitors a month and 12 million page views. That’s potentially a lot of exposure for articles within the publication, and Takahashi’s article was a headline piece for GamesBeat’s front page (although it has since slipped down the ranking somewhat).

Dean Takahashi, lead writer, GamesBeat

The initial part of the article is something of a re-tread of Second Life’s history for those of us familiar with the platform. While the ground covered may well be familiar (and the quoted numbers possibly subject to quibbling in some quarters), this re-treading nevertheless frames SL for those not familiar with it or were unaware it is still around and doing moderately well for itself.

This part of the article also helps frame Linden Lab as an “elder statesman” (so to speak) of the user-generated content frontier, having long since tackled many of the issues and hurdles that those attempting to now define and provide “the metaverse” are just starting to tackle. All of which makes for good reading and certainly helps carry the message that in this day of Facebook, Microsoft, et al trying to foist their visions of what “the metaverse” should be, Linden Lab has the right to say, “been there, done that – and still doing it!”.

However, it’s the latter part of the article that drew my focus, with its referencing of both Tilia Pay and recent moves on the part of the Lab to develop “partnerships” to try to “grow” SL. Both of these are also parts of the article I’ve witnessed as causing some negative gnashing of teeth in some circles, which has also framed my thinking in writing this piece.

In particular, Takahashi’s revelation that Tilia Pay has cost Linden Lab $30 million has raised eyebrows and some grumblings about what this might mean for Second Life’s future.

via the Tilia Pay website

This needs a little context. While LL has spent what seems like a huge amount of money on Tilia, as Takahashi notes, it has been over a 7-year period, starting not long after Ebbe Altberg joined Linden Lab as CEO, and the initial expenditure was required; as Takahashi goes on to point out, for a company like LL to be able to make pay-outs to users (and generally handle fiat money on behalf of its users) it must comply with a range of US federal, state, and international regulations.

In terms of US requirements, this has meant LL had to become a licensed money transmitter at both the federal and state levels – a move more easily achieved by ring-fencing the services that handle all payment processing / transfer into an entity of their own. Had it not do so, then LL would have hit a wall in its ability to make pay-outs. Beyond this, Tilia Pay’s regulated services benefit Second Life in a number of other ways (allowing the use of credit / debit cards within services such as the Marketplace through to assisting with overall user account management and security, for example).

Obviously given a large amount has been sunk into Tilia Pay, it is natural for the Lab’s new owners to want to leverage this expenditure. But this doesn’t mean Tilia Pay and Second Life are, or will become, an “either / or” proposition for the Lab’s future direction.

Rather if Tilia can be made a success, it would mean that Linden Lab – after more than a decade of trying – has gained a second revenue stream it can utilise to help it remain viable moving into the future. Further, it’s long been the philosophy at LL that as long as SL has users enough to ensure it remains a healthy generator of revenue / income, there is little reason to shut it down / sell it, and I’d question this philosophy being radically altered by the success of a second product within the company’s portfolio.

At the end of the piece, Takahashi brings in the subject of Zenescope, and LL’s focus on “partner collaborations”. This appears to be part of what has been referred to as the drive to grow the user base.

It’s not necessarily a bad idea – working with organisations that have established audiences of their own and which could leverage Second Life to add a new dimension of engagement for those audiences. However, it is one that has some significant hurdles to clear: attractions have to be built-out, events need to be organised and run at a tempo that keeps an incoming audience engaged and coming back at a reasonable cadence to make the effort worthwhile, and their must be a path to a practical return on the investment made (time, effort money), and so on; to say nothing of getting people into the experience and comfortable with the viewer UI.

Zenescope Metaverse a new partnership endeavour involving Linden Lab opened in August 2021, but failed to capture the imagination for me See: The Zenescope Metaverse In Second Life

There’s also the question that, even if successful in bringing an audience to Second Life, just how well such partnerships might actually convert members of the audience into engaged Second Life users – something that will be an important measure of success by the current user base, if not necessarily to LL or their partners, who will likely use other criteria to measure the success of these ventures.

In mentioning such partnerships, Takahashi’s piece open the door to broader thinking around where LL might potentially go with this idea in the wake of of the move to AWS.

For example, it’s already been hinted that at some point, LL might look to offer an “on-demand” product. Doing so could potentially be advantageous to potential partners, in they it present a way for them to offer their users experiences in Second Life at a more advantageous price that a 24/7 product that might only be used once or twice a week. Beyond this, there is the question of whether LL might consider entirely private grids for dedicated partners / clients / markets, and even white-labelling such a capability if they did so (thus essentially providing a Second Life Enterprise style of product in a manner and cost that would be far more appealing that that endeavour).

However, given these thoughts do go beyond the article, I’ll put them to one side for now, and just say that if you haven’t already done so, I do recommend giving Will the metaverse bring the second coming of Second Life? a read.

The Zenescope Metaverse in Second Life

Zenescope Metaverse – now open in Second Life (image unretouched)

I was one of many who received an invitation to preview the latest partnership activity Linden Lab has entered into as then seek to encourage new audiences into Second Life. Officially opened from 08:00 on Wednesday, August 4th, 2021, The Zenescope Metaverse is the second such experience to open within Second Life recently,  the other having been the (relatively low-key) opening of Film Threat, details of which are available within the Destination Guide.

Zenescope Metaverse has been developed in partnership with Zenescope Entertainment Inc.,  a comic book and graphic novel publisher perhaps best known for series such as Grimm Fairy Tales and its off-shoots, which recount classic fairy tales and gives them a modern twist; the Wonderland series (off-shoots of Lewis Carroll’s books); novels focused on the likes of Van Helsing (which inspired the TV series of the same name), and others, and a range of comics / graphic novels spun-off from a range of film and TV series such as Final Destination, Se7en, Charmed, and Vikings, and more.

All of which would suggest there’s some potentially tasty meat in which fingers, claws, mandibles, etc., can be dug, to provide a tasty filling of fun and Second Life. Or so you’d think – but let’s come back to that in a moment.

Zenescope Meataverse: Jabberwocky (lightly post-processed)

As with the Film Threat experience, the requested way for people to get to the Zenescope Metaverse region(s – there are four at present, plus a fifth the appears reserved for “VIPs”) is via a dedicated Zenescope Portal (In fact the two portal areas are practically clones of one another).  I’ve no idea if Zenescope themselves will be providing a gateway into Second Life from their own website (or at least to the dedicated SL Landing Page, but the portal area includes a couple of video stations that will play Strawberry Linden’s How to Get Started in Second Life video. These bracket the main experience portal, which visitors are invited to walk through to be delivered to one of the Metaverse Experience regions proper.

These regions are – as you would expect – all identical to one another. They are built around a central plaza space, which at the time of my visit was set out for what I assume might be some kind of opening event. Flanking this one two sides are Zenescope merchandise stores offering a mixed of clothing, character outfits, branded t-shirts, avatar accessories  and décor items in a pair of shops (duplicated on either side of the square). Beyond the square, through an archway is a large mansion that appears to hold promise, but outside of “hiding” a quest token, is actually “for another time”.

The quest itself is HUD-based, with the Hub close to the landing point providing the basics and the HUD itself. The idea here is to gather token that will allow your to continue on through to “Chapter 2” of the experience – this region being “Chapter 1”. Around the rest of the region are locations apparently lifted from various Zenescope series  – such as a ruined temple, Rockman’s Fast Food joint, an animated Jabberwocky, etc., which are included in the quest, together with a game of miniature golf and a trip through a maze.

Zenescope Metaverse: a not-so-subtle hint to touch the bunnehs!

There are also freebies to be had for those that mouse around – some obvious, some not so (e.g. the duck you “follow” through the maze, and which sits on the far side. There’s also at least one diversion to another setting, and a couple of points that – like the mansion – are apparently “for future use”, with the Zenescope folk promising “tons of new stuff over the next few months”. And it is with this that I had some problems.

A promise of things to come is always good – but it is the here and now that most people are concerned with; and in this regard, I have to say that exploring the environment as it currently is, left me entirely underwhelmed. OK, so I’m a long-term SL user, so something like this is bound to have a “been there, done that” feel to it. But even trying to put myself in the mindset of an incoming new user familiar with Zenescope and attracted by something “new” to the brand, what is presented here feels empty, and far from the promise of the promo video (embedded at the end of this piece).

Zenescope Metaverse: did I drink from the bottle, or slip into fee-fih-foh-fum land?

Zenescope  clearly has a richness of narrative that could so easily be mined: Grimm, Van Helsing, et al. But outside of the merchandise and a handful of static places in the region, it’s not unfair to say next to none of this is present here. Even the quest comes over as a damp squib: gather you tokens, find the portal to “Chapter 2”, and then discover its promise is – wait for it – “Coming Soon”. Bleah.

And while there is a “reward” for gathering all the tokens, the fact that it is a folder of very mildly amusing signs an avatar can hold isn’t really that rewarding – or really related to anything Zenescope (although they could obviously find use elsewhere). But why not a Zenescope t-shirt or some other trinket of merchandise as well?

Now, in fairness, the set-up could be the result of constraints placed on LL by Zenescope Entertainment. In which case, they are more the fools; because in trying to wear the hat of a Zenescope reader, I have to say that were I entering a 3D world that promises the chance to explore the places I’ve read about, experience becoming a character I love – then frankly, this experience really doesn’t cut it at present. Even the region’s EEP settings (apparently chosen so as not to over-tax incoming users’ machines) is, frankly, bland. Why not something just slightly darker or unusual?

Zenescope Metaverse: the (largely) “for another time” mansion

Of course, some of this may come with “Chapter 2” and beyond. Again, fair enough; but while hanging everything with comments that it is “for another time” and “Coming Soon” might well be a way for Zenescope to test the water, it also runs the risk of invoking a “meh” reaction in their readers and – equally importantly – if they want to attract established SL users to their brand, then that “meh” reaction risks being repeated – as a non-Zenescope reader, I admit I was hardly rushing to find out more about them. Which perhaps isn’t the best of results, either way.

This is made all the more unfortunate, because elsewhere LL have gone the extra mile: there is the dedicated Zenescope Second Life Landing Page mentioned earlier, supported by a dedicated Welcome to the Zenescope Metatverse Second Life community page that is clearly geared towards those coming into SL for the first time. All of which might come to be an under-utilised effort.

But that is just my view; and God knows, I’ve been wrong before! 🙂 . In the meantime, the Zenescope Metaverse is now open, so you can drop in and take a look for yourself, and I’ll just leave you with the promo video.

Related Links

 

 

 

Lab announces the ending of gacha machines in Second Life

via Linden Lab

In what is going to be seen as a highly unpopular move, Linden Lab has announced that the use of gacha machines within Second Life must be discontinued by content creators by the end of August, 2021.

To avoid and misrepresentation of the Lab’s decision, I’m reproducing the official announcement below:

Due to a changing regulatory climate, we’ve had to make the difficult decision to sunset a very popular sales mechanism for content in Second Life.  It’s widely known as “gacha”, and is defined by a chance-based outcome as a result of a payment.  
We know that creators plan their content releases far in advance and will need to re-tool their products, so to mitigate the impact to those affected, we are giving a 30-day grace period, until midnight SLT on August 31.  After that time, selling content via gacha machines will no longer be permitted in Second Life.  Enforcement won’t start until September 1; after that date an Abuse Report for “Gaming Policy Violation” will be the preferred method of reporting this content to Linden Lab.  
We will continue to allow any sales where a payment is given for a known item, which means that items that had been purchased as “gacha” will be allowed to be re-sold as long as the buyer knows in advance the item and quantity they will receive. We will, of course, still allow fatpacks, and any other currently-allowed distribution mechanisms. 
We did not make this decision lightly and we understand that it will impact creators as well as event organizers and certainly the shoppers! We look forward to fun creative ways of engagement that will come instead.

While the decision is going up upset some content creators and disrupt certain sales events, the likely cause of this change is due to countries increasingly regarding the use of loot boxes (of which gacha machines are a form) as a means of gambling, and introducing regulation and legislation regarding their use. In the United States, a number of states have also introduced legislation on the use of loot boxes and similar over the last 2-3 years, and a proposed federal bill on the matter expired at the start of 2021 – which does not mean federal, as well further state-level legislation, will not be forthcoming.

Those with questions / concerns about the decision, can voice them via the official forum thread on the matter, which the Lab has indicated it will monitor and attempt to reply to questions raised.

 

Updated to add a missing “proposed” from the penultimate paragraph.

Looking at the (award-winning) Second Life video ad

A still from Children of Creation, Linden Lab / Leverage Media

During the Lab Gab special on Monday, June 21st, that featured board member and Executive Chair Brad Oberwager (Oberwolf Linden) and the SL leadership team of Grumpity, Patch and Brett Linden, a “commercial break” was taken to show – I believe for the first time – a complete advertising cut of the video filmed for Second life as a collaborative project between Linden Lab and  Levitate Media.

I’ve extracted the video via timestamps and embedded it at the end of this article so it can be seen without the interviews that come on either side of it, and during the show, Brett linden revealed more about it:

  • The overall project for the video has the internal title at the Lab of The Children of Creation.
  • The version shown (and embedded below) is one of several cuts of the recorded film, and is specifically geared towards teasing out the ideas of freedom of expression and imagination taking flight, hence the emphasis on flying.
  • Other cuts of the video (I believe from Brett’s comments) emphasise Second life in other ways, some offering a “considerable amount” of Second Life footage, and a “directors cut” that does not really show the virtual world, but acts as a teaser.
  • The ad (as seen here) was entered into the 2021 Telly Awards for artistic achievement in video advertising, where it received the following adjudicated awards:
    • Gold Telly winner – Online Commercials Craft-Visual Effects.
    • Gold Telly winner – People’s Telly General-Online Commercials.
    • Silver Telly winner – Online Commercials Craft-Music/Jingle.
    • Silver telly winner – Online Commercials Craft-Directing.
  • The video is regarded as a “concept  ad” and has not as yet been widely deployed as a part of any advertising or other campaign. However, there are plans to discretely test some of the edits (including the “director’s cut”).

You can list to Brett’s comment on the ad below:

Personal Viewpoint

From a purely personal perspective, I think the advert as shown works pretty well; the images are well-matched to the narration, and the overall impact is the idea of liberation and freedom of expression. The intercuts of changing avatar appearances particularly underscores this, as do more subtle elements (take the still used as the banner image for this article, for example – the person / avatar flying away from the bright “Hive” sign, alluding to escaping humdrum, unified thinking and moving to new horizons). There is also a good sense of mystery to the ad that present the encouragement to go find out more about what it means

However, I have to caveat this by saying the phrase “if you’re travelling beyond this life” perhaps doesn’t sit as well as it might, given that terms like “beyond this life” are often using in reference to people passing on. This and other phrasing in the video might push uninitiated ears towards thinking the add is about some kind of cult or similar, rather than promoting a digital world; perhaps “beyond this world” might have been a better choice of words.

I’d be curious to learn how well the ad (and variations thereof) sit with assorted audiences, and maybe we’ll find out in time. For now, however, here’s the ad as shown during Lab Gab.

Additional Links