Modern Australian
The Times

Facebook hack reveals the perils of using a single account to log in to other services

  • Written by Mike Johnstone, Security Researcher, Associate Professor in Resilient Systems, Edith Cowan University
Facebook hack reveals the perils of using a single account to log in to other services

Facebook announced on Friday that its engineering team had discovered a security issue affecting almost 50 million accounts. Due to a flaw in Facebook’s code, hackers were able to take over an account and use it in the same way you would if you had logged into the account with a password.

The company says it has now fixed the problem in its code and reset access tokens for those accounts – along with 40 million other accounts that were vulnerable to the flaw. If you found yourself logged out of your Facebook account last week, it’s likely you were affected.

Read more: Overcoming 'cyber-fatigue' requires users to step up for security

Beyond that, little is known about the extent of the security breach. In its security update, Facebook said:

Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based.

What it means

This is not the worst data breach to date. That accolade belongs to the credit bureau Equifax, which had personal data stolen from the accounts of 147 million people. But, unfortunately for Facebook, there are several flow-on effects from the recent hack.

First, the breach may run afoul of the European Union’s General Data Protection Regulation (GDPR), which was introduced in May. Although the GDPR only applies to European citizens, the penalties for data breaches are severe – up to 4% of global turnover per breach.

Read more: Regulating Facebook won't prevent data breaches

Second, any accounts on other platforms that use Facebook verification are also at risk. That’s because it’s now a common practice to use one account as an automatic verification to connect to other platforms, for example by using a Facebook account to log in to another social media platform such as Twitter, Spotify or Instagram. This is known as single sign-on (SSO).

How single sign-on works

If you connect to any system, you need some form of authentication – usually a login credential such as a username and password pair. When you have many different systems that all require credentials before you can use them, suddenly you’re faced with remembering ten different (ideally very long) passwords.

Some people can do this, but many can’t. And we still want the systems to be secure. If we could connect to one system that was trusted by the others, and use the trusted system’s password, then we wouldn’t need ten passwords – just one. That’s the principle behind SSO.

But this only works as long as the trusted system is secure. If it’s not, a cybercriminal could use the hacked account on one platform (in this case, Facebook), to access any other connected platform.

What you should do

Authentication usually works because of one of three factors:

  • something you know, such as a password
  • something you have, such as an access card
  • something you are, such as a fingerprint.

Clearly, using more than one factor increases security. In your Facebook account, you can choose to use two-factor authentication. That means that you would need to enter your password plus a code sent to you via an SMS message when you next log in.

Read more: The age of hacking brings a return to the physical key

The future of verification

There is always a tension between usability and security. People want systems to be secure so that their identities aren’t stolen, and they also want the same systems to be easily accessible. SSO is an attempt to balance usability and security, but the Facebook hack reveals its limitations.

Many people don’t like passwords, so they choose easily remembered, and therefore easily breakable, passwords. Cybercriminals have access to lists of millions of common passwords (hint: “Gandalf” isn’t as unique as you might think).

Access tokens, such as cards or other physical devices (as used by some banks, for example) are a solution – as long as you don’t lose it. It might be that using a unique physical attribute is the best way forward. After all, you always carry your fingerprint, iris or voice with you.

Authors: Mike Johnstone, Security Researcher, Associate Professor in Resilient Systems, Edith Cowan University

Read more http://theconversation.com/facebook-hack-reveals-the-perils-of-using-a-single-account-to-log-in-to-other-services-104227

Plantation Shutters vs Curtains: Which Is Better for Your New Home?

Moving into a new home is an exciting opportunity to personalise your space and make it your own. While many homeowners focus on furniture, flooring...

Celebration of Life vs Traditional Funeral: What's the Difference?

When saying goodbye to someone you love, there is no single way to honour their life. Every family has different traditions, beliefs, and preference...

Building Approval for Roofing Projects: What Homeowners Need to Know

Roofing projects are an important part of maintaining and protecting your home. Whether you're repairing storm damage, replacing an ageing roof, or ...

Chatswood Tutoring And Its Role In Academic Achievement

Academic success often requires more than classroom attendance alone. Students face increasing expectations as they progress through school, particu...

Why Laser Hair Removal Treatments Continue Growing In Popularity

Managing unwanted hair can become time-consuming and frustrating for many people, especially when shaving, waxing, and other temporary methods requi...

Choosing the Right Devices for a Flexible Workplace

For IT leaders managing large fleets, the device layer is where workforce productivity and security policy meet. The shift towards flexible and hybrid...

How Business Advisory Services Help Companies Achieve Sustainable Growth

Every business owner aims to build a profitable and sustainable organisation. While dedication, innovation, and hard work are important, achieving l...

Why Body Contouring Has Become A Popular Cosmetic Treatment

Many people maintain healthy lifestyles through regular exercise and balanced eating habits but still struggle with stubborn areas of fat that are d...

How to Choose the Right POS Hardware for Your Business in Australia

A lot of Australian business owners spend weeks researching POS software but buy hardware almost as an afterthought. That's a mistake. The wrong har...

Why Material Handling Hose Is Critical for Industrial Efficiency

A high-performance material handling hose is an essential component in industries that transport abrasive, dry, or bulk materials on a daily basis...

How to Choose the Right Lawyer in Melbourne for Your Situation

Choosing legal support can feel difficult, especially when the stakes are personal or business-related. The right lawyer in Melbourne should underst...

Hoteliers Look to Clever Value Adds to Increase Revenue

The Australian hospitality industry is still in recovery mode after a notoriously rough patch in recent years. While there has been a post-COVID tra...

Moving to Queensland? Here’s How to Prep Your Car for the Big Move North

There’s no sign of the northern migration slowing down, with thousands of southerners fleeing from chaotic lifestyles and cooler climates for a brig...

Diesel Shortage to Impact Trades and Contractors

Strait of Hormuz blockage affecting all major parts of trades and construction Trades and construction across residential, commercial and industria...

Why Holiday Home Owners Turn to Rental Management Agents

The Allure — and the Reality — of Renting Out Your Property Owning a holiday home is a dream for many Australians. Whether it's a beachside sha...

Why Finding Reliable Doctors In Bundoora Is Important For Long-Term Health

Access to quality healthcare plays an important role in maintaining overall wellbeing and managing health concerns early. Trusted Doctors in Bundoor...

Understanding the Different Types of Car Services: Minor vs Major

When it comes to car maintenance, one of the most important things every vehicle owner should understand is the difference between a minor and a maj...

How Superannuation and TPD Insurance Work Together

Superannuation is an essential part of financial planning in Australia. It is designed to provide individuals with income during retirement, helping...