Using Facebook Connect for Authentication does Involve Risk

I think I blog because I want to force myself to explore a topic in more detail, and if I post on a topic I hope to validate to myself that I understand the topic. I have wanted to post on the growing influence of Facebook Connect as an authentication gateway to many web apps. I just have this feeling that expanding our use of our Facebook identity as a convenient way to authenticate to other websites is not going to end well. We are basically authorizing our Facebook personal identity information to be used to sign us up for other web applications. This does make tremendous sense for convenience, but isn’t this web of trust growing a bit too large? And why would I choose Facebook to be my identity bank? We probably would not, but I suppose the benefits outweigh the risks, or at least our understanding of the risks.

When it comes to worrying about the risks, all I find is concern about how inconvenient it would be to lose access to all of those other websites if my Facebook account were to be hacked. Nobody wants to talk about the trust you accept when giving all of these companies access to your personal information. But of course we feel good that we can control what personal information is given out by setting our Facebook privacy rules. Unfortunately, for your Facebook experience to function effectively, you really do give away the farm with respect to personal identity, under the qualifier that it will only be shared with friends. This all goes back to a classification of the sensitivity of personal identity items. Items such as DOB, gender, and zip code are all totally anonymous bits of data, right? Wrong: they are bits of data that validate who you are when compared to other truly anonymous bits of data that may exist in truly sensitive data repositories such as medical records.

OK, so I’m a bit paranoid about how one’s identity can be compromised, but that comes from the Bioinformatics Master’s Thesis I wrote 8 years ago, entitled “Security of Our Personal Genome”. Combine that with my knowledge of how sophisticated data search and match algorithms have become, and I realize that all it takes are a few bits of anonymous information to validate who I am. And those compromises are not being identified in major headlines. I fear the damage from these compromises may mean that you will not qualify for certain insurance options or you may not be given a job when deserved, etc. Knowledge is power; knowledge comes from turning data into usable information; companies gain power by using this knowledge. Sorry, but it is something worth thinking about.

About ghsmith76

Greg Smith is currently the Interim CIO at Western Washington University. Prior to WWU, Greg was the CIO at Missouri S&T, and before that the CIO for George Fox University in Newberg, OR. Greg went to the Northwest from the Purdue School of Engineering and Technology in Indianapolis, IN, where he served as the Director of IT for 8 years. Prior to the IT career in academia, Greg was a Systems Consultant with Hewlett-Packard, primarily with the Analytical Group, working out of San Francisco, Cincinnati and Indianapolis. Greg's passion as a CIO in Higher Education comes from his belief that Technology can benefit Teaching & Learning.

Posted on July 1, 2011, in Authentication, Facebook, security.
