Using Facebook Connect for Authentication Does Involve Risk
I think I blog because I want to force myself to explore a topic in more detail, and if I post on a topic, I hope to validate to myself that I understand it. I have wanted to post on the growing influence of Facebook Connect as an authentication gateway to many web apps. I just have this feeling that expanding our use of our Facebook identity as a convenient way to authenticate to other websites is not going to end well. We are basically authorizing our Facebook personal identity information to be used to sign us up for other web applications. This does make tremendous sense for convenience, but isn’t this web of trust growing a bit too large? And why would I choose Facebook to be my identity bank? We probably would not, but I suppose the benefits outweigh the risks, or at least our understanding of the risks.
When it comes to worrying about the risks, all I find is concern about how inconvenient it would be to lose access to all of those other websites if my Facebook account were to be hacked. Nobody wants to talk about the trust you accept when giving all of these companies access to your personal information. But of course we feel good that we can control what personal information is given out by setting our Facebook privacy rules. Unfortunately, for your Facebook experience to function effectively, you really do give away the farm with respect to personal identity, under the qualifier that it will only be shared with friends. This all goes back to a classification of the sensitivity of personal identity items. Items such as DOB, gender, and zip code are all totally anonymous bits of data, right? Wrong: they are bits of data that validate who you are when compared to other truly anonymous bits of data that may exist in truly sensitive data repositories such as medical records.
OK, so I’m a bit paranoid about how one’s identity can be compromised, but that comes from the Bioinformatics Master’s thesis I wrote 8 years ago, entitled “Security of Our Personal Genome”. Combine that with my knowledge of how sophisticated data search and match algorithms have become, and I realize that all it takes are a few bits of anonymous information to validate who I am. And those compromises are not being identified in major headlines. I fear the damage from these compromises may mean that you will not qualify for certain insurance options, or you may not be given a job when deserved, etc. Knowledge is power; knowledge comes from turning data into usable information; companies gain power by using this knowledge. Sorry, but it is something worth thinking about.