
Big Revolution - Two sides to every security token

October 1 · Issue #218
Welcome to Monday’s Big Revolution. After Friday’s news of the huge Facebook hack, it now feels like the calm before the storm when we’ll find out exactly how big an impact it’s really had…

Big things you need to know today
  • The UK government-owned British Business Bank is considering directly investing in startups, the Telegraph reports. This will be a controversial move for many who question whether taxpayers’ cash has a place fueling high-risk tech startups, and whether founders should want the taxpayer as an investor.
The big thought
Two sides to every security token
When news broke on Friday about the massive hack of 50m Facebook accounts, one of the most frightening elements of the story was that anyone who gained access to your account could also access any other accounts where you used Facebook as a login. So, they could have a dig around your Airbnb account, for example.
This caused some online to say that using your Facebook account as a ‘passport’ for logging into sites and apps all over the internet was always a bad idea, and that anyone who implemented a Facebook login was lazy and risking their users’ security.
There are two sides to that coin though. Logging into third-party services with Facebook wasn’t always a bad idea, as Chris Messina explained in a Twitter thread on Saturday:
Chris Messina
Anyway, Facebook Login wasn't only beneficial for the convenience but also because it meant that users who reused the same password were spreading it around less, reducing the surface area of attack. It's important to keep this context in mind even in light of this latest fiasco.
5:20 PM - 29 Sep 2018
Passwords used to be hard. The easiest solution was to reuse the same password everywhere – and many people did that. Using Facebook as an ID across the web helped keep people safer by simply not having passwords for many services at all. Most people would trust Facebook’s security over a tiny startup you might want to sign up for an account with, anyway.
Times change, and online security is now easier to use and stronger than ever. Password managers are built into some operating systems and browsers as standard, fingerprint and facial recognition are supported by some services, and two-factor authentication is increasingly the norm.
In a world where it’s easy to create a unique password for every site you visit, and secure it even further with two-factor authentication or biometric tech, logging in with a Facebook ID seems risky and archaic. But it had its time, even if we’re now experiencing its downside.
One big read
Until data is misused, Facebook’s breach will be forgotten
As is usually the case, the public at large won’t care much about the Facebook hack unless they feel its effects. That said, if Facebook finds out that, say, a nation state broke into users’ accounts and had been sniffing around, trust in Facebook would likely collapse faster than its stock price.
One big tweet
Apple should bring back this design aesthetic. Got to love those hollowed-out ‘p’s.
Jon Erlichman
On this day in 1977: Apple’s last day of production for its first computer
3:47 PM - 30 Sep 2018
That’s all for today...