Hey, will you give me the username and password for your email account? How about your contact manager account? Hopefully your answer to this question would be a resounding NO. Applications like Facebook are asking you to consolidate your contacts from the different applications you use to manage them. Consolidating these contact lists only makes sense; the idea is easy access to and interaction with these people.
It is this consolidation that is the chink in your online identity armor. To consolidate these contact managers, these applications need your username and password for access, and typically people willingly hand them over. This is where the problem can begin.
Chris Clark of Deploying Web 2.0 in the Enterprise writes in Spreading Fear Uncertainty and Doubt about Web 2.0 technologies that scams are not new to Web 2.0 technologies; they have just been updated to take advantage of the new Web 2.0 functionality.
In his post How Facebook Makes Identity Theft Easier, Dare Obasanjo of Carnage4Life writes:
Last month there was a press release published by Sophos, an IT security company, with the tantalzing [sic] title Sophos Facebook ID probe shows 41% of users happy to reveal all to potential identity thieves
The post from Dare with the statistics is a real eye opener. These stats are from information gathered using a fake profile created on Facebook, sending friendship requests to individuals chosen randomly across the globe:
Sophos Facebook ID Probe findings:
- 87 of the 200 Facebook users contacted responded to Freddi, with 82 leaking personal information (41% of those approached)
- 72% of respondents divulged one or more email address
- 84% of respondents listed their full date of birth
- 87% of respondents provided details about their education or workplace
- 78% of respondents listed their current address or location
- 23% of respondents listed their current phone number
- 26% of respondents provided their instant messaging screenname
Jeff Atwood of Coding Horror writes in his post You’re Probably Storing Passwords Incorrectly that people are losing sight of the importance of usernames and passwords when it comes to entering information in Facebook.
The web is nothing if not a maze of user accounts and logins. Almost everywhere you go on the web requires yet another new set of credentials. Unified login seems to elude us at the moment, so the status quo is an explosion of usernames and passwords for every user. As a consequence of all this siloed user identity data, Facebook and most other web apps encourage us to give out our credentials like Halloween candy.
These authors warn against entering your username and password into any Facebook app just because it is requested. For Facebook to synchronize your contacts from numerous accounts, it needs your usernames and passwords for those accounts. Are you sure the app you are adding is from Facebook, or is it a third-party application? Is this app from a verified source?
This post is to serve as a warning and a reminder: when you are entering your username and password for your email account or contact manager, are you sure you know who you are giving this information to?
Warning – Take care with your usernames and passwords, no matter what system you are interacting with – Trust but verify.