First, it's a good thing that Facebook finally offers its users the most fundamental of all security measures, a secure connection to their website. Still, I would have expected them to move faster, especially after the Firesheep controversies back in October.
Then to the most controversial change — the social authentication — which raises a few questions about both the security it is supposed to add and the possible effects on Facebook users' privacy.
The security failure
Consider some malicious Trojan writer on the other side of the earth, trying to log into your Facebook account with your newly stolen password. Matching the pictures and the names presented in the social authentication should constitute a real challenge. It doesn't! Launching a Google search for the suggested names, narrowed down to the Facebook site, will reveal... You guessed it! A picture of the person!
Figure: Social authentication illustrated