Healthy Passwords



Are You Trading Convenience for Security

Date: 2011-06-25 15:58:43

Ken Klein, Healthy Passwords
June 25, 2011 4:00 PM EDT

You’re at a website and want to participate. You have a choice: create a new account or use Facebook to log in. Which do you choose?

If you’re like most people, you pick the easier way. According to research by unsubscribe.com, users use Facebook to log in at third-party sites every three days. This grants long-term access to more than you think.

Too Much Access Granted

From an authentication (user name / password) perspective, fewer logins mean fewer places your email and password are stored. Using one password is better than leaving breadcrumbs all over the internet waiting for the next big breach, isn’t it?

Logging in with a social network account just swaps one risk for another. Every time a social network ID, such as Facebook, is used to authenticate at another site, the user provides long-term access to their social networking data. The amount of access varies, but it’s not uncommon to grant access to:

  • Your Posts

  • Your Favorites

  • Your Friends

  • Your Important Dates

By granting access to third parties, you legally give corporations access to your data. Besides being a dream for marketers, this type of access can also add cross-site scripting vulnerabilities to your linked social network account while you are on the third-party site. Most apps can access your data only while you’re at their site, but some apps require “Access My Data at Any Time”.

It’s a tough decision. Businesses are being compromised at alarming rates. A recent New York Times blog post cites a new Ponemon Institute survey of 581 security professionals broadly agreeing that cyber attacks are getting more frequent, more severe, and harder to detect and stop. Ponemon also shows that many breaches are caused by human error. Too much access increases risk.

Most people use a single password for multiple logins, exposing them to potential loss. Creating an account at every site you contribute to multiplies this risk. On the other hand, Facebook and Twitter have adequate staffing to secure user credentials. They’re not infallible, but they are less likely to lose your password than many other sites. What’s a good balance?

Two options are: log in using the social network credentials and revoke access after you’re done (instructions for this are at Healthy Passwords), or use a password manager to generate unique passwords. We don’t advocate using password managers for high-risk sites, but they can be a good tool for low- to moderate-risk sites. Just be sure to look at password manager reviews before choosing one.

Category: Vulnerability

Subcategory: Website


Copyright © 2011, Sustainable Alternatives, LLC | Ligonier, PA 15658 | 724-238-9560 | All Rights Reserved.