What is Facebook Connect? Facebook Connect, along with OpenID, is a single sign-on system that allows you to log in to multiple websites and services with a single username and password combination. The appeal of such a service is that you no longer have to remember a large number of username and password combinations. But there are also disadvantages to using a single sign-on service.
- Fewer passwords to remember
- Less likely to get “password fatigue,” causing you to use one username and password everywhere
- If your username and password combo are discovered, you are more vulnerable to loss of control over your information
- It is essentially the same as “password fatigue” and has all the same negative implications
- Potential to get locked out of not just one site/service, but every site/service you use
I like that my Google account has only 1 username and password to control the different services. I don’t like that if someone got access to my Google account then they have the same access Google Checkout as they do to my Google News preferences. Take my Google News, but leave my Google Checkout account alone please. But by having 1 username and password combo across all 31 different Google services that I use, I can choose a much stronger password instead of 31 different weak username/password combinations. The reality is that if I did have to create different accounts for each service, I would be tempted to choose 1 username and 1 password to use across their services.
However, I do have multiple usernames and passwords across the Internet. My login credentials to Facebook is a different set of information than it is with Google. That provides me with some security that if one gets compromised I don’t lose control of everything.
This brings me to Facebook Connect specifically. I am scared to use it. With Facebook’s constantly changing rules on privacy and connectivity to the rest of the Internet, I am concerned that connecting to another website with my Facebook credentials could have negative implications. For example, when I connect to a website using Facebook Connect, what information will that website have about me and what will it begin to post to my Facebook wall? While I don’t know if Facebook Connect will spam my wall with content, I do know that applications I have installed in the past posted content to my wall for my friends to see that I didn’t necessarily want them to have access to.
Secondly, Facebook is a huge target right now. Earlier this year a cracker was found trying to sell the login credentials for 1.5 million Facebook users. As far as I can tell he has not been caught. Facebook is a favorite place for nefarious attacks at the moment. I don’t want my login information to be on the popularity radar. If I use Facebook Connect on all my Internet logins, that increases the chances that someone could get my information and destroy my web presence.
My final, big concern about Facebook Connect is the stability of Facebook. I realize that Facebook is a big player in today’s Internet. But that does not mean it is mature. What is to stop Facebook from pulling my account? Or, deciding that I no longer deserve to be part of their ecosystem? The reason I trust Google is their longevity and that they haven’t been accused of as many boneheaded, stupid mistakes that Facebook has. Besides, if I lost my Google account, that is 31 services that I get locked out of. But if I am a heavy user of Facebook Connect then I could potentially lose my complete Internet presence by losing access to all the information that I have at other websites.
Imagine you are a missionary in a closed country where participating in Christian activities could get you kicked out or killed. Would you trust all of your on-line activities to Facebook or any single point of failure? While you may not be in this situation today, what happens 2 years from now when God calls you to one of these countries? Do you try to fix things at that time, or would you rather stay out of the mess in the first place?
I am interested in your opinions about Facebook Connect and other single sign-on systems, includingOpenID. Do you think they are dangerous? Do they scare you? Please post a comment.