Friday, February 4, 2011

Facebook using Social Authentication

Facebook has introduced an "innovative way to verify real users rather than using CAPTCHAS. Using the Social Login feature (or Social Authentication as Facebook calls it), users will be shown a few pictures of their friends and then they will be asked to name the person in those photos."

The logic is that it would be harder for hackers to be able to identify your friends. This would work quite well against a program, but I'm not particularly thrilled by this idea in practice. A group trying to hack a celebrity's or political figure's site would be willing to do the research so they too would be able to recognize a large number of the person's friends, thus compromising the security measure.

It does remind me of a photographic password system that XEROX PARC (I think it was XEROX PARC) came up with several years ago. I wonder why it never took off - that idea seemed to be excellent. The photographic system would take a photo, show it to you and say THIS IS THE PASSWORD. It would then make, for example, twenty-nine variations on a theme. The human being would easily be able to remember the correct photo, but our language is not nuanced enough for it to be accurately described to another.

Obviously there was a flaw in the system; otherwise the idea would have spread.
