The document discusses concerns with using Facebook login integration and single sign-on services for sensitive accounts. It notes that consolidating all account information into one identity on Facebook poses security risks, as Facebook profiles can be easily accessed and the company has shared user data before. The document recommends using single sign-on services like SmartSignin that are not social networks and can better protect multiple identities with separate usernames and passwords.
www.smartsignin.com
www.facebook.com/smartsignin
www.twitter.com/smartsignin
Does Facebook Federation Have Your Best Interests At Heart?
Facebook offers Facebook Connect. Open ID offers, well, OpenID. But does
the latest craze with Facebook login integration consider the security of
those of us who have sensitive information to protect?
1.) The aggressive and steadfast rise of the Cloud and its many forms,
including SaaS, IDaaS, and Cloud storage.
2.) The rise of Single Sign-On (SSO), or identity management, services
hosted by Facebook – as Facebook Connect and OpenID.
3.) The equally aggressive rise in the number of hackers eager to get their
hands on one of your juicy passwords.
When practiced properly, the third element should not affect your decision
to use the second. However, we’ve observed many cases in which a
hacker would create an innocent-looking site under the guise of a Facebook
log-in page and ask you for your credentials. Sure enough, you can just
look at the address bar before typing any information to check whether the
login page really belongs to Facebook. But, can you risk it?
The problem we see now is that many websites are adopting Facebook’s
“Connect” and OpenID to allow for one-click logins to access a website. You
sometimes don’t even have the choice of making a separate account on that
site, meaning you can’t “opt out” of these SSOs. Sure, your information
stays safe with that site, but it’s also stored within a central database under
Facebook’s control. While there’s nothing wrong with this, there’s just too
much risk involved in putting all your sensitive data from all over the web
into one massive identity bubble.
The other problem is that you’re putting your information into a social
network with more users than the entire population of India. Here’s our take on
this:
· Facebook is not at all a discreet network. Literally anyone can see your
account with the proper know-how.
· Even with a tight password, someone will find a way to access your
account. You stick your head out of the water even further by interacting on
the network. Just look at what happened to Facebook’s own creator early in
2011. It’s an embarrassing situation! Later that year, something even more
embarrassing happened.
· You expose yourself to too much of an information give-away, as Facebook
has been known to give information about its users to others from time to
time.
Now you’re probably thinking about…
What to Do
We’re not trying to tell you to stop relying on websites that integrate
Facebook Connect or other types of SSO login solutions. It’s understandable that
you don’t want to splash different copies of your identity everywhere on the
web. But try using these features on casual websites as much as you can.
If you want an SSO solution, opt for something better that will protect
multiple identities, not one single giant blob waiting to burst. Secure SSO should
be used with important identities, such as your own website’s authentication
and payment gateways. SmartSignin comes to mind, giving you the ability to
store multiple different user names and passwords in one database. Since
it’s not a social network, it won’t be out in the open. The interface allows you
to perform one-click sign-ins from a single point without having to worry
about security or a vindictive person trying to batter your account into
submission.
Think about it. You invest a lot of your identity into the Internet. Don’t allow
someone to sweep in and use your identity in malicious ways. Choose a
solution that will allow you to have several layers of fortification in front of you.