Facebook social authentication a bad idea

At least in its current form.

I used the photo recognition captcha system to reset a friend’s password. I used up my 3 skips and had to guess 1 photo, but the rest I could recognise, and that was ALL I had to do. It wasn’t just one of several checks; it was the ONLY check I had to pass to take control of the account. Even if I didn’t recognise any of the people in the photographs, I could just have gone and looked at her photos on Facebook to see who was tagged in them.

This is an extremely insecure feature of Facebook; they should remove it ASAP.

In this instance, my friend had asked me to recover her account, as her password had been changed by someone, somewhere. Perhaps they used this totally inadequate and insecure captcha feature to gain access to her account in the first place.

Can’t believe Facebook are so stupid as to think this is a secure means of authentication.


About austinfrance

Technical Developer @ RedSky IT / Explorer Software