Does Facebook Federation Have Your Best Interests At Heart?


Facebook offers Facebook Connect. OpenID offers, well, OpenID. But does the latest craze with Facebook login integration consider the security of those of us who have sensitive information to protect?

1.) The aggressive and steadfast rise of the Cloud and its many forms, including SaaS, IDaaS, and Cloud storage.

2.) The rise of Single Sign-On (SSO), or identity management, services hosted by Facebook – as Facebook Connect and OpenID.

3.) The equally aggressive rise in the number of hackers eager to get their hands on one of your juicy passwords.

When practiced properly, the third element should not affect you in your decision to use the second. However, we’ve observed many cases in which a hacker would create an innocent-looking site under the guise of a Facebook log-in page and ask you for your credentials. Sure enough, you can just look at the address bar before typing any information to check whether the login page really belongs to Facebook. But can you risk it?

The problem we see now is that many websites are adopting Facebook’s “Connect” and OpenID to allow for one-click logins to access a website. You sometimes don’t even have the choice of making a separate account on that site, meaning you can’t “opt out” of these SSOs. Sure, your information stays safe with that site, but it’s also stored within a central database under Facebook’s control. While there’s nothing wrong with this, there’s just too much risk involved in putting all your sensitive data from all over the web into one massive identity bubble.

www.smartsignin.com

www.facebook.com/smartsignin

www.twitter.com/smartsignin


The other problem is that you’re putting your information into a social network with more users than the entire population of India. Here’s our take on this:

· Facebook is not at all a discreet network. Literally anyone can see your account with the proper know-how.

· Even with a tight password, someone will find a way to access your account. You stick your head out of the water even further by interacting on the network. Just look at what happened to Facebook’s own creator early in 2011. It’s an embarrassing situation! Later that year, something even more embarrassing happened.

· You expose yourself to too much of an information give-away, as Facebook has been known to give information about its users to others from time to time.

Now you’re probably thinking about…

What to Do

We’re not trying to tell you to stop relying on websites that integrate Facebook Connect or other types of SSO login solutions. It’s understandable that you don’t want to splash different copies of your identity everywhere on the web. But try using these features on casual websites as much as you can.

If you want an SSO solution, opt for something better that will protect multiple identities, not one single giant blob waiting to burst. Secure SSO should be used with important identities, such as your own website’s authentication and payment gateways. SmartSignin comes to mind, giving you the ability to store multiple different user names and passwords in one database. Since it’s not a social network, it won’t be out in the open. The interface allows you to perform one-click sign-ins from a single point without having to worry about security or a vindictive person trying to batter your account into submission.

Think about it. You invest a lot of your identity into the Internet. Don’t allow someone to sweep in and use your identity in malicious ways. Choose a solution that will allow you to have several layers of fortification in front of you.
