This article was originally posted at the I Shared What?!? blog on 7 January 2011.
Facebook’s identity system might very well supply something that VeriSign, Microsoft, Yahoo, and Google have all struggled to offer: a single “driver’s license” for the Internet. (This leaves aside the question of whether it’s a good thing for one company to hold such a position of power.)
Putting aside necessary notions of sharing best practices (which might cut down on the amount of successful phishing that goes on) or a licensing body (whose “rules” we would need to agree to abide by), the article is really talking about user authentication and authorization: access to all the sites that you have accounts on. We use an account name and password for each site, and tracking them has long been recognized as a problem–how do we keep it all straight? Facebook, Technology Review points out, is positioning itself to be THE single sign-on (SSO) site. The article continues:
Unfortunately, Facebook still has two important vulnerabilities that make its website significantly less secure than those of most U.S. banks: its reliance on a single user name and password to gain access to an account, and its use of an unencrypted cookie for tracking which web browsers are logged in.
At the risk of turning everything digital that I care about over to a company whose practices are inconsistent at best and arguably not in their individual users’ interests, I’ll wait until a “driver’s license” is required. Meanwhile, to control my digital assets I’ll keep looking at new tools as they become available.