I’ve just read this ZDNet article. The gist of the whole thing is that you can now simply create a Facebook account with your Gmail account. Then you can just log in to your Gmail account, go to Facebook, and you’ll find yourself logged in. Seems like a pretty neat idea…or not.
Firstly, if you jog your memory not too far back, you’ll remember a number of phishing attacks that Facebook came under. A large number of login IDs and passwords were stolen as well. So that got me thinking: if I log in with my Gmail account and password, and that got stolen, it would probably lead to a lot more trouble.
By the way, the entire concept is called OpenID, which lets you log in to multiple web services with just one set of credentials. The login and password can be from any one of the many OpenID providers, like Google, Yahoo!, Microsoft, PayPal et al. It’s pretty useful, but if the security of even one of the websites accepting OpenID accounts is compromised, it could lead to trouble with your entire online life.

May 21, 2009 at 12:31 am
The password is not passed on in OpenID. OpenID is more secure than most password-based login systems. Even if there was an attack, only one session of OpenID would be compromised, and that too restricted to just Facebook. That is the ‘gist’ of OpenID.
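
As an added illustration (not part of the original post or comment), here is a sketch of what a site accepting OpenID receives and checks, assuming OpenID 2.0 with an HMAC-SHA256 association. The host names, identifier, handle, nonce and shared secret are constructed sample values; the point is that the signed assertion carries no password and is tied to one site's `return_to` URL.

```python
import base64
import hashlib
import hmac

# Fields OpenID 2.0 requires the provider's signature to cover
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}

def kv_form(fields, signed):
    """Key-value form: one 'key:value\\n' line per signed field, in list order."""
    return "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed).encode()

def sign(fields, secret):
    signed = fields["openid.signed"].split(",")
    mac = hmac.new(secret, kv_form(fields, signed), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def verify_assertion(fields, secret, expected_return_to, seen_nonces):
    """Relying-party checks on a positive assertion; returns (ok, reason)."""
    if fields.get("openid.mode") != "id_res":
        return False, "not a positive assertion"
    signed = fields.get("openid.signed", "").split(",")
    if not REQUIRED_SIGNED.issubset(signed):
        return False, "required field not signed"
    if any("openid." + k not in fields for k in signed):
        return False, "signed field missing"
    if not hmac.compare_digest(sign(fields, secret), fields.get("openid.sig", "")):
        return False, "bad signature"
    if fields["openid.return_to"] != expected_return_to:
        return False, "assertion issued for another site"
    if fields["openid.response_nonce"] in seen_nonces:
        return False, "replayed nonce"
    seen_nonces.add(fields["openid.response_nonce"])
    return True, "ok"

def sample_assertion(secret):
    """Constructed sample of what a provider sends back to the site."""
    f = {
        "openid.ns": "http://specs.openid.net/auth/2.0",
        "openid.mode": "id_res",
        "openid.op_endpoint": "https://provider.example/openid",
        "openid.claimed_id": "https://provider.example/id/alice",
        "openid.identity": "https://provider.example/id/alice",
        "openid.return_to": "https://site-a.example/openid/return",
        "openid.response_nonce": "2009-05-21T00:31:00Zabc123",
        "openid.assoc_handle": "handle-1",
        "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle",
    }
    f["openid.sig"] = sign(f, secret)
    return f
```

A site that skips the `return_to` or nonce check would accept an assertion meant for a different site or one that has already been used, so those two checks are what keep a captured assertion confined to a single login at a single site.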