www.smartsignin.com www.facebook.com/smartsignin www.twitter.com/smartsignin

Does Facebook Federation Have Your Best Interests At Heart?

Facebook offers Facebook Connect. OpenID offers, well, OpenID. But does the latest craze with Facebook login integration consider the security of those of us who have sensitive information to protect?

1.) The aggressive and steadfast rise of the Cloud and its many forms, including SaaS, IDaaS, and Cloud storage.
2.) The rise of Single Sign-On (SSO), or identity management, services hosted by Facebook – as Facebook Connect and OpenID.
3.) The equally aggressive rise in the number of hackers eager to get their hands on one of your juicy passwords.

When practiced properly, the third element should not affect you in your decision to use the second. However, we’ve observed many cases in which a hacker would create an innocent-looking site under the guise of a Facebook log-in page and ask you for your credentials. Surely enough, you can just look at the address bar before typing any information to check whether the login page really belongs to Facebook. But can you risk it?

The problem we see now is that many websites are adopting Facebook’s “Connect” and OpenID to allow for one-click logins to access a website. You sometimes don’t even have the choice of making a separate account on that site, meaning you can’t “opt out” of these SSOs. Sure, your information stays safe with that site, but it’s also stored within a central database under Facebook’s control. While there’s nothing wrong with this, there’s just too much risk involved in putting all your sensitive data from all over the web into one massive identity bubble.
The other problem is that you’re putting your information into a social network with more users than the entire population of India. Here’s our take on this:

· Facebook is not at all a discreet network. Literally anyone can see your account with the proper know-how.
· Even with a tight password, someone will find a way to access your account. You stick your head out of the water even further by interacting on the network. Just look at what happened to Facebook’s own creator early in 2011. It’s an embarrassing situation! Later that year, something even more embarrassing happened.
· You expose yourself to too much of an information give-away, as Facebook has been known to give information about its users to others from time to time.

Now you’re probably thinking about…

What to Do

We’re not trying to tell you to stop relying on websites that integrate Facebook Connect or other types of SSO login solutions. It’s understandable that you don’t want to splash different copies of your identity everywhere on the web. But try using these features on casual websites as much as you can.

If you want an SSO solution, opt for something better that will protect multiple identities, not one single giant blob waiting to burst. Secure SSO should be used with important identities, such as your own website’s authentication and payment gateways. SmartSignin comes to mind, giving you the ability to store multiple different user names and passwords into one database. Since it’s not a social network, it won’t be out in the open. The interface allows you to perform one-click sign-ins from a single point without having to worry about security or a vindictive person trying to batter your account into submission.

Think about it. You invest a lot of your identity into the Internet. Don’t allow someone to sweep in and use your identity in malicious ways. Choose a solution that will allow you to have several layers of fortification in front of you.