First, it's a good thing that Facebook finally offers its users the most fundamental of all security measures, a secure connection to their website. Still I would have expected them to move faster, especially after the Firesheep controversies back in October.
Then to the most controversial change — the social authentication — which raises a few questions about both the security it is supposed to add and the possible effects on Facebook users' privacy.
The security failure
Consider some malicious Trojan-writer on the other side of the earth, trying to log into your Facebook account with your newly stolen password. Matching the pictures and the names presented in the social authentication should constitute a real challenge. It doesn't! Launching a google search for the suggested names, narrowed down to the Facebook site will reveal..... You guessed it! A picture of the person!
 |
| Social authentication illustrated |
If you look at the pictures and names used as an example in the Facebook blog, you'll see that you could probably narrow down the candidates to two names pretty quick. A google search will likely reveal which one is correct, just click on the link. I place my bets on Alok.
http://www.google.no/search?q=site%3Afacebook.com+%22alok+menghrajani%22You'll find the public profile in Google for everyone who has enabled "Public search" in their Facebook privacy settings. For the record, there's also a privacy bug I recently blogged about that makes matters worse — anyone who has commented on or liked a public page can also be found in Google.
That was the scenario of the "hacker on the other side of the planet" attempting to log in to your account. The other scenario is that someone close to you — familiy or friends — attempts to steal your profile. They can also google. In addition they probably know who most of your friends and colleagues are, and what they look like. So, in my opinion there's not much security added by the social authentication scheme.
The privacy failure
Many Facebook users set the visibility of their profile, pictures, and so on to "Friends of Friends" or even tighter with "Friends only". The assumption here is that the people you have narrowed this down to have to log in to Facebook to see your pictures. This gives you some assurance that your content is not made available to strangers. At the first glance, the social authentication is aligned just fine with the privacy settings used by most Facebook users. But if you start thinking about it, you'll realize that there are subtle problems.
When Facebook finds it questionable whether one of your friends is actually signing in herself, they might show a picture of you to be coupled with your name, in order to achieve some extra assurance that everything's in order. In other words: If Facebook is unsure whether it's your friend logging in or a complete stranger who knows your friends password, the'll show a photo of you just to make sure. You didn't intend Facebook to show your photos to strangers, did you. Well, they do — because they're afraid it's a stranger.
To make matters worse, it seems that Facebook selects a random photo you've been tagged in, either by yourself or by other users. One of my colleagues brought this to my attention, as he was confronted with the new social authentication procedure. One of his friends was shown in a picture, taken from a night on the town when the hour was getting late. Nuff said. Maybe not the picture you'd want to show to people when they log in. I won't post the screenshot here for obvious reasons.
Finally, a brief speculation. There's probably a good chance that someone can tag you in a photo, and it'll be used for social authentication irrespective of whether you've seen the photo or not. Speculation ended.
So to summarize, I don't believe that the social authentication adds much (any) security to your Facebook account. On the contrary, it introduces yet another privacy issue for Facebook users.
If you want better security, you should have a look at the one time passwords instead, they were a much better addition. That's what Facebook should use instead of social authentication when they're unsure if it's the correct user they're signing in.
Maybe you should check out this article for some information about phone spy apps and phone tracking apps. It could be very interesting
ReplyDeleteThanks for sharing amazing information !!!!!!
ReplyDeletePlease keep up sharing.
Very interesting blog. Thanks for sharing.
ReplyDeleteNO.1 API DEVELOPMENT SERVICES | MASSIL TECHNOLOGIES
wow...nice blog, very help full information. Thanks for sharing.
ReplyDeleteBest Digital Transformation Services | DM Services | Austere Technologies
Excellent informative blog, keep for sharing.
ReplyDeleteBest System Integration services | Massil Technologies
Are you struggling for a better future for your kids? Read this article and you will know what to do!
ReplyDeleteAlthough the shipping company relocates from Jeddah to Syria depends on a large number of packaging materials that the company can pack the luggage and can through it move them from one place to another with the highest potential that they can packaging the luggage properly until it is transported
ReplyDeleteشركة نقل عفش
ReplyDeleteGreat Article
Network Security Projects for CSE
JavaScript Training in Chennai
Project Centers in Chennai
JavaScript Training in Chennai
Welcome White guilty pleas to these offences, which have spared the victims the ordeal of a trial. We are pleased to see White appropriately sentenced by the courts for what are very serious offences. A source said White is currently inside a male prison and that is where he will serve his sentence..
ReplyDeleteThere was fantasy in full MK Outlet Online colour Coach Outlet Online provided by the Government's Best Yeezys pronouncements on everything from the Punjab problem to war threats from Pakistan and. Finally, no posture could have been more film like than that adopted by the fire breathing fanatic, . Rama Rao.
He says a gentleman came into his shop on February 9th wanting to sell a piece of jewelry he stumbled upon while walking on the Cheap Michael Kors Handbags dried up bed of White River Lake. "The lake was down Ray Ban Outlet about 30 feet from the Coach Outlet Clearance Sale droughts," Oakley said. "He was walking near the water's Jordan Shoes For Sale edge when he saw this Nike Air Force 1 Cheap Outlet black glob..
ReplyDeleteskycut plotter india
experts
mobileskinsoftware
silhouette cameo 4
mobileskinsoftware
ambition gifts
top sublimation
wemaketrips
Wow!! You did really good work. I really appreciate your new and different post. Please guys keep it up and share with us some unique post in the future!!
ReplyDeleteBuy gmail pva accounts
There's probably a good chance that someone can tag you in a photo, Someone To Write My Essay For Me and it'll be used for social authentication irrespective,
ReplyDeleteHey guys! I would love to recommend you a beautiful service for essay writing and homework! You need some help you can ask this guys for help! They really know how to do it ! Just write essay writing gonerdify service and be ready for help! Good luck!
ReplyDeleteAdobe Photoshop Lightroom Crack is, without a doubt, the best professional photo workflow software. The software for photography is available in two different applications: the consumer-oriented Lightroom and the more professional-oriented Lightroom Classic that we have reviewed here. Lightroom Classic offers professional photographers the ability to import, organize and edit everything they take. Recent updates have added new pro pre-sets Super Resolution upscaling, Apple Silicon M1 support, live view for Nikon Tethering, local color adjustments, a textured slider, and many more.
ReplyDeleteIObit Driver Booster Pro Crack
Nexus VST Crack
4K Video Downloader 2022 Crack
Ashampoo UnInstaller Crack
부산출장샵
ReplyDelete울산출장샵
논산출장샵
울산출장샵
대전출장샵
논산출장샵
서귀포출장샵
This blog post about why Facebook's social authentication fails is a thought-read. I really encourage you effort for providing us valuable information. Now read more about 2k database for more information.
ReplyDelete