[LINK] Pot, Kettle: Google points finger at Facebook hypocrisy, blocks Gmail import
rick at praxis.com.au
Mon Nov 8 11:11:42 EST 2010
Kim Holburn wrote:
>> ... which Facebook is handily winning, with its Connect service that automatically logs you into some sites (and transfers your profile) and gives sites and now phone apps an easy way to let people login via their Facebook credentials. It’s a convenience that puts Facebook firmly at the center of the Web.
IMHO it is a convenience that leaves web users wide open to exploitation by attackers
and identity thieves.
Using one's Facebook credentials as a single authentication source is a Very Dangerous
Thing (TM). Such behaviour constitutes a security single point of failure. If those
credentials are compromised, then a user's data and security are compromised on all
the sites that use the auto login feature. Now how could that happen? Let me count
the ways .... Shudder.
The problem only gets worse on dumbed-down smart devices like phones and pads that
attempt to make migrating the web as seamless as a single click. The more that security
features and authentication mechanisms that are intended to protect you are hidden,
the less secure you are.
IIRC, Rule #1 for password authentication is: never use the same password twice.
Rick Welykochy || Praxis Services
When choosing between two evils, I always like to take the one I haven't tried before.
-- Mae West
More information about the Link