This is interesting for a couple of reasons:
- It basically guarantees that you will ALWAYS be signed into FB, etc. If there are times when you're not regularly using Facebook and perhaps your session has even expired, Facebook Connect (used to link up your account and provide your Facebook identity to a different site) will refresh your Facebook session.
- It centralizes authentication for basically the entire Internet, which means it's a pretty big target... Break my Facebook account and you have access to lots of other accounts that I have. I suppose it's arguable that a person's digital presence is more secure if they have distributed accounts, but it would at a minimum make it a little harder for an attacker, and if the user uses multiple strong passwords it's a good deal harder.
- It creates a huge moat for Facebook and cedes them a lot of power. Don't like what they're doing with your account or generally and you're inclined to cancel your account? Think again, it's going to be a pain to have to re-setup all of those other accounts unless you plan on losing access to other things you care about.
Generally, I'm not a security- or privacy-conscious person, but the more I think about this the more it seems like there should be some central/regulated/neutral authority for identity and authentication.